Message	Id	Version	Qualifiers	Level	Task	Opcode	Keywords	RecordId	ProviderName	ProviderId	LogName	ProcessId	ThreadId	MachineName	UserId	TimeCreated	ActivityId	RelatedActivityId	ContainerLog	MatchedQueryIds	Bookmark	LevelDisplayName	OpcodeDisplayName	TaskDisplayName	KeywordsDisplayNames	Properties
PowerShell console is ready for user input	40962	1		4	4	2	0	1946	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2364	2336	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:05 PM	fe3d87aa-a761-0004-4c9e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2364 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1945	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2364	3816	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:04 PM	fe3d87aa-a761-0004-4c9e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1944	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2364	2336	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:04 PM	fe3d87aa-a761-0004-4c9e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = c7d20a86-7fc2-4d47-8e64-48a608b1d4ad Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 39db0011-2ab3-45fc-bae3-3e00a410d9d0 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1943	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	608	4948	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:04 PM	fe3d87aa-a761-0003-7b96-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 81b0bf6d-57a5-418a-8747-ee30edf0d1f5 Path:	4104	1		3	2	15	0	1942	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	608	4340	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:04 PM	fe3d87aa-a761-0002-bcee-49fe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: d6c2d120-e11b-436f-a0e9-d00cdcda3f75 Path:	4104	1		3	2	15	0	1941	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	608	4340	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:04 PM	fe3d87aa-a761-0001-7ed8-4dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: d75a36a2-1394-4c05-b096-83b44d84027c Path:	4104	1		3	2	15	0	1940	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	608	4340	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:03 PM	fe3d87aa-a761-0001-6fd8-4dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): FxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "C:\\collect-event-log.ps1", "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 7cbbf31e-38f8-4971-9b09-e1cf0d0f7f08 Path:	4104	1		3	2	15	0	1939	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	608	4340	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:03 PM	fe3d87aa-a761-0001-69d8-4dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): 2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vd ScriptBlock ID: 7cbbf31e-38f8-4971-9b09-e1cf0d0f7f08 Path:	4104	1		3	2	15	0	1938	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	608	4340	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:03 PM	fe3d87aa-a761-0001-69d8-4dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): yX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc ScriptBlock ID: 7cbbf31e-38f8-4971-9b09-e1cf0d0f7f08 Path:	4104	1		3	2	15	0	1937	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	608	4340	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:03 PM	fe3d87aa-a761-0001-69d8-4dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJ ScriptBlock ID: 7cbbf31e-38f8-4971-9b09-e1cf0d0f7f08 Path:	4104	1		3	2	15	0	1936	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	608	4340	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:03 PM	fe3d87aa-a761-0001-69d8-4dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1935	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	608	4144	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:03 PM	fe3d87aa-a761-0004-489e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 608 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1934	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	608	4020	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:03 PM	fe3d87aa-a761-0004-489e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1933	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	608	4144	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:03 PM	fe3d87aa-a761-0004-489e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1932	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4280	5072	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:02 PM	fe3d87aa-a761-0004-369e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4280 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1931	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4280	2288	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:02 PM	fe3d87aa-a761-0004-369e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1930	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4280	5072	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:02 PM	fe3d87aa-a761-0004-369e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1929	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	980	808	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:02 PM	fe3d87aa-a761-0005-5376-50fe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 980 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1928	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	980	2264	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:02 PM	fe3d87aa-a761-0005-5376-50fe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1927	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	980	808	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:02 PM	fe3d87aa-a761-0005-5376-50fe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 672757d8-46e5-4034-9843-7dd7a932b98c Path:	4104	1		3	2	15	0	1926	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1860	2588	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:02 PM	fe3d87aa-a761-0001-42d8-4dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 3d58b88f-9142-41eb-b254-e11827a2ffde Path:	4104	1		3	2	15	0	1925	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1860	2528	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:01 PM	fe3d87aa-a761-0001-40d8-4dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 2f0d9199-2f05-4544-8f89-e08c4352b3a5 Path:	4104	1		3	2	15	0	1924	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1860	2528	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:01 PM	fe3d87aa-a761-0003-5296-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): c3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1659556738.59-245263624341728\\source", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "dest": "C:\\collect-event-log.ps1", "checksum": "f0e4c7145db8c7eba44bc8a5b81542c17749bbda", "_ansible_module_name": "copy", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_original_basename": "collect-event-log.ps1", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "mode": null, "_ansible_check_mode": false, "_ansible_shell_executable": "/bin/sh", "follow": false, "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1659556738.59-245263624341728'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 2209e36a-d301-4a80-8921-679e321651f6 Path:	4104	1		3	2	15	0	1923	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1860	2528	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:01 PM	fe3d87aa-a761-0001-2fd8-4dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): 24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNr ScriptBlock ID: 2209e36a-d301-4a80-8921-679e321651f6 Path:	4104	1		3	2	15	0	1922	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1860	2528	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:01 PM	fe3d87aa-a761-0001-2fd8-4dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): 3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb ScriptBlock ID: 2209e36a-d301-4a80-8921-679e321651f6 Path:	4104	1		3	2	15	0	1921	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1860	2528	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:01 PM	fe3d87aa-a761-0001-2fd8-4dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB ScriptBlock ID: 2209e36a-d301-4a80-8921-679e321651f6 Path:	4104	1		3	2	15	0	1920	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1860	2528	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:01 PM	fe3d87aa-a761-0001-2fd8-4dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1919	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1860	2280	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:01 PM	fe3d87aa-a761-0004-339e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1860 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1918	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1860	3208	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:01 PM	fe3d87aa-a761-0004-339e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1917	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1860	2280	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:01 PM	fe3d87aa-a761-0004-339e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1659556738.59-245263624341728\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: 07eb1de2-2d1b-4b4b-9c57-cc0ddd881c4d Path:	4104	1		3	2	15	0	1916	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1900	1284	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:00 PM	fe3d87aa-a761-0003-4796-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1915	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1900	740	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:00 PM	fe3d87aa-a761-0003-4596-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1900 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1914	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1900	3768	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:00 PM	fe3d87aa-a761-0003-4596-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1913	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1900	740	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:00 PM	fe3d87aa-a761-0003-4596-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 46a920a0-ee74-4d4a-b574-44da3063006a Path:	4104	1		3	2	15	0	1912	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3672	2068	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:00 PM	fe3d87aa-a761-0003-3696-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): vileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: d3ac97c9-a6f6-4a3e-9f37-2537d1aebabd Path:	4104	1		3	2	15	0	1911	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3672	2068	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:00 PM	fe3d87aa-a761-0003-3296-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPri ScriptBlock ID: d3ac97c9-a6f6-4a3e-9f37-2537d1aebabd Path:	4104	1		3	2	15	0	1910	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3672	2068	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:00 PM	fe3d87aa-a761-0003-3296-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 130e207d-4fc1-4390-9f88-84bca15cb742 Path:	4104	1		3	2	15	0	1909	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3672	2068	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:59:00 PM	fe3d87aa-a761-0004-189e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: bc151f5e-3702-413c-b8d1-922bf95f4f6b Path:	4104	1		3	2	15	0	1908	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3672	2068	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:59 PM	fe3d87aa-a761-0003-2496-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): jdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "stat", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_shell_executable": "/bin/sh", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "get_checksum": true, "_ansible_check_mode": false, "checksum_algo": "sha1", "follow": false, "path": "C:\\collect-event-log.ps1", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1659556738.59-245263624341728'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 59f5bc7b-361e-464e-ba8f-361119925a85 Path:	4104	1		3	2	15	0	1907	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3672	2068	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:59 PM	fe3d87aa-a761-0003-1e96-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): CAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmV ScriptBlock ID: 59f5bc7b-361e-464e-ba8f-361119925a85 Path:	4104	1		3	2	15	0	1906	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3672	2068	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:59 PM	fe3d87aa-a761-0003-1e96-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): ENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgI ScriptBlock ID: 59f5bc7b-361e-464e-ba8f-361119925a85 Path:	4104	1		3	2	15	0	1905	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3672	2068	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:59 PM	fe3d87aa-a761-0003-1e96-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): CAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsI ScriptBlock ID: 59f5bc7b-361e-464e-ba8f-361119925a85 Path:	4104	1		3	2	15	0	1904	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3672	2068	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:59 PM	fe3d87aa-a761-0003-1e96-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgI ScriptBlock ID: 59f5bc7b-361e-464e-ba8f-361119925a85 Path:	4104	1		3	2	15	0	1903	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3672	2068	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:59 PM	fe3d87aa-a761-0003-1e96-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1902	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3672	2936	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:59 PM	fe3d87aa-a761-0004-139e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3672 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1901	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3672	3404	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:59 PM	fe3d87aa-a761-0004-139e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1900	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3672	2936	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:59 PM	fe3d87aa-a761-0004-139e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1899	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4644	1136	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:59 PM	fe3d87aa-a761-0004-0e9e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4644 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1898	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4644	932	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:58 PM	fe3d87aa-a761-0004-0e9e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1897	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4644	1136	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:58 PM	fe3d87aa-a761-0004-0e9e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1896	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4408	3808	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:58 PM	fe3d87aa-a761-0004-0d9e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4408 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1895	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4408	1440	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:58 PM	fe3d87aa-a761-0004-0d9e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1894	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4408	3808	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:58 PM	fe3d87aa-a761-0004-0d9e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1893	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1048	3736	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:58 PM	fe3d87aa-a761-0004-049e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1048 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1892	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1048	3084	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:58 PM	fe3d87aa-a761-0004-049e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1891	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1048	3736	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:58 PM	fe3d87aa-a761-0004-049e-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1890	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1972	3656	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:58 PM	fe3d87aa-a761-0000-2751-4cfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1972 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1889	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1972	524	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:58 PM	fe3d87aa-a761-0000-2751-4cfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1888	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1972	3656	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:58 PM	fe3d87aa-a761-0000-2751-4cfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: bb8c8a41-542d-4735-b72c-89dee4c4d860 Path:	4104	1		3	2	15	0	1887	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4668	1908	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:57 PM	fe3d87aa-a761-0000-0751-4cfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 8a8f8145-25f5-45bd-8050-739e651a2e80 Path:	4104	1		3	2	15	0	1886	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4668	1308	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:57 PM	fe3d87aa-a761-0001-09d8-4dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 3c39c704-5f28-4c7a-834f-b03ff7fba985 Path:	4104	1		3	2	15	0	1885	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4668	1308	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:57 PM	fe3d87aa-a761-0001-fad7-4dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): $output } ScriptBlock ID: 4890ba57-27b7-41c1-85f0-76fc619cb749 Path:	4104	1		3	2	15	0	1884	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4668	1308	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:57 PM	fe3d87aa-a761-0002-9aee-49fe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): sZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1659556734.2-207059592987706\\source", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "dest": "C:\\eventlogjs.txt", "checksum": "3d83b7bd9b4b6f109f75affd8ae845d7acd9808d", "_ansible_module_name": "copy", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_original_basename": "eventlogjs.txt", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "mode": null, "_ansible_check_mode": false, "_ansible_shell_executable": "/bin/sh", "follow": false, "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1659556734.2-207059592987706'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output ScriptBlock ID: 4890ba57-27b7-41c1-85f0-76fc619cb749 Path:	4104	1		3	2	15	0	1883	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4668	1308	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:57 PM	fe3d87aa-a761-0002-9aee-49fe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): YWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRml ScriptBlock ID: 4890ba57-27b7-41c1-85f0-76fc619cb749 Path:	4104	1		3	2	15	0	1882	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4668	1308	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:57 PM	fe3d87aa-a761-0002-9aee-49fe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBG ScriptBlock ID: 4890ba57-27b7-41c1-85f0-76fc619cb749 Path:	4104	1		3	2	15	0	1881	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4668	1308	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:57 PM	fe3d87aa-a761-0002-9aee-49fe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1880	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4668	4880	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:56 PM	fe3d87aa-a761-0004-fd9d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4668 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1879	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4668	604	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:56 PM	fe3d87aa-a761-0004-fd9d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1878	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4668	4880	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:56 PM	fe3d87aa-a761-0004-fd9d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1659556734.2-207059592987706\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: 13445bd7-3fcc-440f-811a-c84994e7aeec Path:	4104	1		3	2	15	0	1877	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3820	2952	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:56 PM	fe3d87aa-a761-0005-2876-50fe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1876	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3820	92	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:56 PM	fe3d87aa-a761-0003-0096-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3820 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1875	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3820	1364	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:56 PM	fe3d87aa-a761-0003-0096-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1874	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3820	92	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:56 PM	fe3d87aa-a761-0003-0096-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 962d1f0e-2049-4ca7-ad55-2bc379900af7 Path:	4104	1		3	2	15	0	1873	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4048	4632	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:55 PM	fe3d87aa-a761-0003-e195-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): le and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: 309649ec-2fa7-4aa3-8baa-8dbcc3efab26 Path:	4104	1		3	2	15	0	1872	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4048	4632	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:55 PM	fe3d87aa-a761-0003-dd95-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversib ScriptBlock ID: 309649ec-2fa7-4aa3-8baa-8dbcc3efab26 Path:	4104	1		3	2	15	0	1871	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4048	4632	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:55 PM	fe3d87aa-a761-0003-dd95-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: a13be8c6-5c98-4267-97f5-9cfb6416eedc Path:	4104	1		3	2	15	0	1870	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4048	4632	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:55 PM	fe3d87aa-a761-0003-d995-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 96a2ee44-e651-44db-b349-9a1d7e49902f Path:	4104	1		3	2	15	0	1869	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4048	4632	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:55 PM	fe3d87aa-a761-0003-ca95-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "stat", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_shell_executable": "/bin/sh", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "get_checksum": true, "_ansible_check_mode": false, "checksum_algo": "sha1", "follow": false, "path": "C:\\eventlogjs.txt", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1659556734.2-207059592987706'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 09252884-7f68-46db-b5ab-391d0fb12f79 Path:	4104	1		3	2	15	0	1868	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4048	4632	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:55 PM	fe3d87aa-a761-0003-c495-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): NvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9 ScriptBlock ID: 09252884-7f68-46db-b5ab-391d0fb12f79 Path:	4104	1		3	2	15	0	1867	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4048	4632	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:55 PM	fe3d87aa-a761-0003-c495-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): ycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcH ScriptBlock ID: 09252884-7f68-46db-b5ab-391d0fb12f79 Path:	4104	1		3	2	15	0	1866	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4048	4632	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:55 PM	fe3d87aa-a761-0003-c495-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): AgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEV ScriptBlock ID: 09252884-7f68-46db-b5ab-391d0fb12f79 Path:	4104	1		3	2	15	0	1865	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4048	4632	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:55 PM	fe3d87aa-a761-0003-c495-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgIC ScriptBlock ID: 09252884-7f68-46db-b5ab-391d0fb12f79 Path:	4104	1		3	2	15	0	1864	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4048	4632	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:55 PM	fe3d87aa-a761-0003-c495-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1863	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4048	4040	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:55 PM	fe3d87aa-a761-0005-1f76-50fe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4048 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1862	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4048	4948	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:55 PM	fe3d87aa-a761-0005-1f76-50fe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1861	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4048	4040	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:55 PM	fe3d87aa-a761-0005-1f76-50fe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1860	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4112	1064	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:54 PM	fe3d87aa-a761-0003-be95-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4112 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1859	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4112	1856	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:54 PM	fe3d87aa-a761-0003-be95-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1858	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4112	1064	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:54 PM	fe3d87aa-a761-0003-be95-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1857	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1216	1280	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:54 PM	fe3d87aa-a761-0004-f69d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1216 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1856	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1216	1532	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:54 PM	fe3d87aa-a761-0004-f69d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1855	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1216	1280	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:54 PM	fe3d87aa-a761-0004-f69d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1854	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	372	2264	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:53 PM	fe3d87aa-a761-0004-ea9d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 372 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1853	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	372	4440	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:53 PM	fe3d87aa-a761-0004-ea9d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1852	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	372	2264	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:53 PM	fe3d87aa-a761-0004-ea9d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1851	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2288	1560	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:53 PM	fe3d87aa-a761-0004-e99d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2288 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1850	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2288	1268	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:53 PM	fe3d87aa-a761-0004-e99d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1849	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2288	1560	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:53 PM	fe3d87aa-a761-0004-e99d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 3264ecd7-4517-489e-9935-f3fd3dd5b6ec Path:	4104	1		3	2	15	0	1848	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2576	580	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:53 PM	fe3d87aa-a761-0001-bcd7-4dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 79d8a537-bdc4-4e5c-ab53-a8bf80c20375 Path:	4104	1		3	2	15	0	1847	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2576	4292	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:53 PM	fe3d87aa-a761-0005-1276-50fe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 9d5dfb84-526e-46c3-9d84-225a1b8f6cab Path:	4104	1		3	2	15	0	1846	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2576	4292	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:52 PM	fe3d87aa-a761-0001-b2d7-4dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): oint.Run($payload) Write-Output $output } ScriptBlock ID: 1720f413-9467-4403-a6f7-02f16b2afbd7 Path:	4104	1		3	2	15	0	1845	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2576	4292	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:52 PM	fe3d87aa-a761-0001-acd7-4dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1659556729.25-7199991938329\\source", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "dest": "C:\\eventlogcss.txt", "checksum": "d051fdb120afddc6f99086f6b8b905bce125cb45", "_ansible_module_name": "copy", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_original_basename": "eventlogcss.txt", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "mode": null, "_ansible_check_mode": false, "_ansible_shell_executable": "/bin/sh", "follow": false, "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1659556729.25-7199991938329'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entryp ScriptBlock ID: 1720f413-9467-4403-a6f7-02f16b2afbd7 Path:	4104	1		3	2	15	0	1844	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2576	4292	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:52 PM	fe3d87aa-a761-0001-acd7-4dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): ICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8 ScriptBlock ID: 1720f413-9467-4403-a6f7-02f16b2afbd7 Path:	4104	1		3	2	15	0	1843	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2576	4292	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:52 PM	fe3d87aa-a761-0001-acd7-4dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAg ScriptBlock ID: 1720f413-9467-4403-a6f7-02f16b2afbd7 Path:	4104	1		3	2	15	0	1842	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2576	4292	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:52 PM	fe3d87aa-a761-0001-acd7-4dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1841	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2576	656	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:52 PM	fe3d87aa-a761-0004-e59d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2576 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1840	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2576	4816	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:52 PM	fe3d87aa-a761-0004-e59d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1839	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2576	656	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:52 PM	fe3d87aa-a761-0004-e59d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1659556729.25-7199991938329\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: 6a9a9db0-de6a-4c89-8d4f-785ff25202ec Path:	4104	1		3	2	15	0	1838	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	696	668	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:51 PM	fe3d87aa-a761-0005-0376-50fe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1837	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	696	3236	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:51 PM	fe3d87aa-a761-0003-9e95-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 696 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1836	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	696	1284	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:51 PM	fe3d87aa-a761-0003-9e95-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1835	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	696	3236	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:51 PM	fe3d87aa-a761-0003-9e95-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 483c255d-b5ea-4b5d-987f-0c1363d8a6a9 Path:	4104	1		3	2	15	0	1834	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3452	4068	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:51 PM	fe3d87aa-a761-0003-8f95-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): ctPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: 03ba5126-a7f4-454b-870f-e7ab37935045 Path:	4104	1		3	2	15	0	1833	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3452	4068	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:51 PM	fe3d87aa-a761-0004-cc9d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(stru ScriptBlock ID: 03ba5126-a7f4-454b-870f-e7ab37935045 Path:	4104	1		3	2	15	0	1832	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3452	4068	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:51 PM	fe3d87aa-a761-0004-cc9d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: b2e9fff7-e6cb-4dff-adad-c0da5fb63230 Path:	4104	1		3	2	15	0	1831	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3452	4068	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:51 PM	fe3d87aa-a761-0003-8b95-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: d9204279-78cd-4c87-b1e1-5e7b52fb9d1d Path:	4104	1		3	2	15	0	1830	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3452	4068	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:50 PM	fe3d87aa-a761-0003-7c95-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (8 of 8): ICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "stat", "_ansible_debug": false, "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_shell_executable": "/bin/sh", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "get_checksum": true, "_ansible_check_mode": false, "checksum_algo": "sha1", "follow": false, "path": "C:\\eventlogcss.txt", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1659556729.25-7199991938329'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 9767916e-6024-4b4d-93c6-282899514990 Path:	4104	1		3	2	15	0	1829	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3452	4068	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:50 PM	fe3d87aa-a761-0003-7695-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 8): KICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2Jq ScriptBlock ID: 9767916e-6024-4b4d-93c6-282899514990 Path:	4104	1		3	2	15	0	1828	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3452	4068	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:50 PM	fe3d87aa-a761-0003-7695-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 8): MZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHs ScriptBlock ID: 9767916e-6024-4b4d-93c6-282899514990 Path:	4104	1		3	2	15	0	1827	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3452	4068	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:50 PM	fe3d87aa-a761-0003-7695-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 8): CAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSB ScriptBlock ID: 9767916e-6024-4b4d-93c6-282899514990 Path:	4104	1		3	2	15	0	1826	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3452	4068	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:50 PM	fe3d87aa-a761-0003-7695-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 8): XaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgI ScriptBlock ID: 9767916e-6024-4b4d-93c6-282899514990 Path:	4104	1		3	2	15	0	1825	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3452	4068	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:50 PM	fe3d87aa-a761-0003-7695-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 8): GFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWx ScriptBlock ID: 9767916e-6024-4b4d-93c6-282899514990 Path:	4104	1		3	2	15	0	1824	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3452	4068	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:50 PM	fe3d87aa-a761-0003-7695-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 8): lUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJza ScriptBlock ID: 9767916e-6024-4b4d-93c6-282899514990 Path:	4104	1		3	2	15	0	1823	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3452	4068	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:50 PM	fe3d87aa-a761-0003-7695-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 8): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmx ScriptBlock ID: 9767916e-6024-4b4d-93c6-282899514990 Path:	4104	1		3	2	15	0	1822	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3452	4068	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:50 PM	fe3d87aa-a761-0003-7695-4efe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1821	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3452	4424	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:50 PM	fe3d87aa-a761-0004-c89d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3452 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1820	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3452	1292	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:50 PM	fe3d87aa-a761-0004-c89d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1819	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3452	4424	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:50 PM	fe3d87aa-a761-0004-c89d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1818	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	504	3184	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:49 PM	fe3d87aa-a761-0004-c09d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 504 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1817	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	504	1068	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:49 PM	fe3d87aa-a761-0004-c09d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1816	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	504	3184	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:49 PM	fe3d87aa-a761-0004-c09d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1815	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	732	3728	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:49 PM	fe3d87aa-a761-0004-bf9d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 732 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1814	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	732	832	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:49 PM	fe3d87aa-a761-0004-bf9d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1813	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	732	3728	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:49 PM	fe3d87aa-a761-0004-bf9d-4afe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = d15258b2-10fe-4fe2-ab2f-8613b7123a61 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = a5f9aac9-1142-4202-b0ed-6f87276f7016 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 35 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1812	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3092	868	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:31 PM	fe3d87aa-a761-0000-8350-4cfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $_.$guid_key -eq $adapter.SettingID } ScriptBlock ID: fb17ad09-babd-4ed3-8b43-771f5fc2b8a3 Path:	4104	1		3	2	15	0	1811	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3092	868	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:31 PM	fe3d87aa-a761-0000-7d50-4cfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'facter' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = CommandNotFoundException,Microsoft.PowerShell.Commands.GetCommandCommand Context: Severity = Warning Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = d15258b2-10fe-4fe2-ab2f-8613b7123a61 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = a5f9aac9-1142-4202-b0ed-6f87276f7016 Pipeline ID = 5 Command Name = Get-Command Command Type = Cmdlet Script Name = Command Path = Sequence Number = 33 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	1810	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3092	868	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:30 PM	fe3d87aa-a761-0000-7a50-4cfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2018, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy Function Get-CustomFacts { [cmdletBinding()] param ( [Parameter(mandatory=$false)] $factpath = $null ) if (-not (Test-Path -Path $factpath)) { Fail-Json $result "The path $factpath does not exist. Typo?" } $FactsFiles = Get-ChildItem -Path $factpath | Where-Object -FilterScript {($PSItem.PSIsContainer -eq $false) -and ($PSItem.Extension -eq '.ps1')} foreach ($FactsFile in $FactsFiles) { $out = & $($FactsFile.FullName) $result.ansible_facts.Add("ansible_$(($FactsFile.Name).Split('.')[0])", $out) } } Function Get-MachineSid { # The Machine SID is stored in HKLM:\SECURITY\SAM\Domains\Account and is # only accessible by the Local System account. This method get's the local # admin account (ends with -500) and lops it off to get the machine sid. $admins_sid = "S-1-5-32-544" $admin_group = ([Security.Principal.SecurityIdentifier]$admins_sid).Translate([Security.Principal.NTAccount]).Value Add-Type -AssemblyName System.DirectoryServices.AccountManagement $principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine) $group_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal($principal_context, $admin_group) $searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal) $groups = $searcher.FindOne() $machine_sid = $null foreach ($user in $groups.Members) { $user_sid = $user.Sid if ($user_sid.Value.EndsWith("-500")) { $machine_sid = $user_sid.AccountDomainSid.Value break } } return $machine_sid } $cim_instances = @{} Function Get-LazyCimInstance([string]$instance_name, [string]$namespace="Root\CIMV2") { if(-not $cim_instances.ContainsKey($instance_name)) { $cim_instances[$instance_name] = $(Get-CimInstance -Namespace $namespace -ClassName $instance_name) } return $cim_instances[$instance_name] } $result = @{ ansible_facts = @{ } changed = $false } $grouped_subsets = @{ min=[System.Collections.Generic.List[string]]@('date_time','distribution','dns','env','local','platform','powershell_version','user') network=[System.Collections.Generic.List[string]]@('all_ipv4_addresses','all_ipv6_addresses','interfaces','windows_domain', 'winrm') hardware=[System.Collections.Generic.List[string]]@('bios','memory','processor','uptime') external=[System.Collections.Generic.List[string]]@('facter') } # build "all" set from everything mentioned in the group- this means every value must be in at least one subset to be considered legal $all_set = [System.Collections.Generic.HashSet[string]]@() foreach($kv in $grouped_subsets.GetEnumerator()) { [void] $all_set.UnionWith($kv.Value) } # dynamically create an "all" subset now that we know what should be in it $grouped_subsets['all'] = [System.Collections.Generic.List[string]]$all_set # start with all, build up gather and exclude subsets $gather_subset = [System.Collections.Generic.HashSet[string]]$grouped_subsets.all $explicit_subset = [System.Collections.Generic.HashSet[string]]@() $exclude_subset = [System.Collections.Generic.HashSet[string]]@() $params = Parse-Args $args -supports_check_mode $true $factpath = Get-AnsibleParam -obj $params -name "fact_path" -type "path" $gather_subset_source = Get-AnsibleParam -obj $params -name "gather_subset" -type "list" -default "all" foreach($item in $gather_subset_source) { if(([string]$item).StartsWith("!")) { $item = ([string]$item).Substring(1) if($item -eq "all") { $all_minus_min = [System.Collections.Generic.HashSet[string]]@($all_set) [void] $all_minus_min.ExceptWith($grouped_subsets.min) [void] $exclude_subset.UnionWith($all_minus_min) } elseif($grouped_subsets.ContainsKey($item)) { [void] $exclude_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $exclude_subset.Add($item) } # NB: invalid exclude values are ignored, since that's what posix setup does } else { if($grouped_subsets.ContainsKey($item)) { [void] $explicit_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $explicit_subset.Add($item) } else { # NB: POSIX setup fails on invalid value; we warn, because we don't implement the same set as POSIX # and we don't have platform-specific config for this... Add-Warning $result "invalid value $item specified in gather_subset" } } } [void] $gather_subset.ExceptWith($exclude_subset) [void] $gather_subset.UnionWith($explicit_subset) $ansible_facts = @{ gather_subset=@($gather_subset_source) module_setup=$true } $osversion = [Environment]::OSVersion if($gather_subset.Contains('all_ipv4_addresses') -or $gather_subset.Contains('all_ipv6_addresses')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration # TODO: split v4/v6 properly, return in separate keys $ips = @() Foreach ($ip in $netcfg.IPAddress) { If ($ip) { $ips += $ip } } $ansible_facts += @{ ansible_ip_addresses = $ips } } if($gather_subset.Contains('bios')) { $win32_bios = Get-LazyCimInstance Win32_Bios $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $ansible_facts += @{ ansible_bios_date = $win32_bios.ReleaseDate.ToString("MM/dd/yyyy") ansible_bios_version = $win32_bios.SMBIOSBIOSVersion ansible_product_name = $win32_cs.Model.Trim() ansible_product_serial = $win32_bios.SerialNumber # ansible_product_version = ([string] $win32_cs.SystemFamily) } } if($gather_subset.Contains('date_time')) { $datetime = (Get-Date) $datetime_utc = $datetime.ToUniversalTime() $date = @{ date = $datetime.ToString("yyyy-MM-dd") day = $datetime.ToString("dd") epoch = (Get-Date -UFormat "%s") hour = $datetime.ToString("HH") iso8601 = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ssZ") iso8601_basic = $datetime.ToString("yyyyMMddTHHmmssffffff") iso8601_basic_short = $datetime.ToString("yyyyMMddTHHmmss") iso8601_micro = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ss.ffffffZ") minute = $datetime.ToString("mm") month = $datetime.ToString("MM") second = $datetime.ToString("ss") time = $datetime.ToString("HH:mm:ss") tz = ([System.TimeZoneInfo]::Local.Id) tz_offset = $datetime.ToString("zzzz") # Ensure that the weekday is in English weekday = $datetime.ToString("dddd", [System.Globalization.CultureInfo]::InvariantCulture) weekday_number = (Get-Date -UFormat "%w") weeknumber = (Get-Date -UFormat "%W") year = $datetime.ToString("yyyy") } $ansible_facts += @{ ansible_date_time = $date } } if($gather_subset.Contains('distribution')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $product_type = switch($win32_os.ProductType) { 1 { "workstation" } 2 { "domain_controller" } 3 { "server" } default { "unknown" } } $ansible_facts += @{ ansible_distribution = $win32_os.Caption ansible_distribution_version = $osversion.Version.ToString() ansible_distribution_major_version = $osversion.Version.Major.ToString() ansible_os_family = "Windows" ansible_os_name = ($win32_os.Name.Split('|')[0]).Trim() ansible_os_product_type = $product_type } } if($gather_subset.Contains('env')) { $env_vars = @{ } foreach ($item in Get-ChildItem Env:) { $name = $item | select -ExpandProperty Name # Powershell ConvertTo-Json fails if string ends with \ $value = ($item | select -ExpandProperty Value).TrimEnd("\") $env_vars.Add($name, $value) } $ansible_facts += @{ ansible_env = $env_vars } } if($gather_subset.Contains('facter')) { # See if Facter is on the System Path Try { $facter_exe = Get-Command facter -ErrorAction Stop $facter_installed = $true } Catch { $facter_installed = $false } # Get JSON from Facter, and parse it out. if ($facter_installed) { &facter -j | Tee-Object -Variable facter_output | Out-Null $facts = "$facter_output" | ConvertFrom-Json ForEach($fact in $facts.PSObject.Properties) { $fact_name = $fact.Name $ansible_facts.Add("facter_$fact_name", $fact.Value) } } } if($gather_subset.Contains('interfaces')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration $ActiveNetcfg = @() $ActiveNetcfg += $netcfg | where {$_.ipaddress -ne $null} $namespaces = Get-LazyCimInstance __Namespace -namespace root if ($namespaces | Where-Object { $_.Name -eq "StandardCimv" }) { $net_adapters = Get-LazyCimInstance MSFT_NetAdapter -namespace Root\StandardCimv2 $guid_key = "InterfaceGUID" $name_key = "Name" } else { $net_adapters = Get-LazyCimInstance Win32_NetworkAdapter $guid_key = "GUID" $name_key = "NetConnectionID" } $formattednetcfg = @() foreach ($adapter in $ActiveNetcfg) { $thisadapter = @{ default_gateway = $null connection_name = $null dns_domain = $adapter.dnsdomain interface_index = $adapter.InterfaceIndex interface_name = $adapter.description macaddress = $adapter.macaddress } if ($adapter.defaultIPGateway) { $thisadapter.default_gateway = $adapter.DefaultIPGateway[0].ToString() } $net_adapter = $net_adapters | Where-Object { $_.$guid_key -eq $adapter.SettingID } if ($net_adapter) { $thisadapter.connection_name = $net_adapter.$name_key } $formattednetcfg += $thisadapter } $ansible_facts += @{ ansible_interfaces = $formattednetcfg } } if ($gather_subset.Contains("local") -and $factpath -ne $null) { # Get any custom facts; results are updated in the Get-CustomFacts -factpath $factpath } if($gather_subset.Contains('memory')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ # Win32_PhysicalMemory is empty on some virtual platforms ansible_memtotal_mb = ([math]::round($win32_cs.TotalPhysicalMemory / 1024 / 1024)) ansible_swaptotal_mb = ([math]::round($win32_os.TotalSwapSpaceSize / 1024 / 1024)) } } if($gather_subset.Contains('platform')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ip_props = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties() $ansible_facts += @{ ansible_architecture = $win32_os.OSArchitecture ansible_domain = $ip_props.DomainName ansible_fqdn = ($ip_props.Hostname + "." + $ip_props.DomainName) ansible_hostname = $env:COMPUTERNAME ansible_kernel = $osversion.Version.ToString() ansible_nodename = ($ip_props.HostName + "." + $ip_props.DomainName) ansible_machine_id = Get-MachineSid ansible_owner_contact = ([string] $win32_cs.PrimaryOwnerContact) ansible_owner_name = ([string] $win32_cs.PrimaryOwnerName) # FUTURE: should this live in its own subset? ansible_reboot_pending = (Get-PendingRebootStatus) ansible_system = $osversion.Platform.ToString() ansible_system_description = ([string] $win32_os.Description) ansible_system_vendor = $win32_cs.Manufacturer } } if($gather_subset.Contains('powershell_version')) { $ansible_facts += @{ ansible_powershell_version = ($PSVersionTable.PSVersion.Major) } } if($gather_subset.Contains('processor')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_cpu = Get-LazyCimInstance Win32_Processor if ($win32_cpu -is [array]) { # multi-socket, pick first $win32_cpu = $win32_cpu[0] } $cpu_list = @( ) for ($i=1; $i -le ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors); $i++) { $cpu_list += $win32_cpu.Manufacturer $cpu_list += $win32_cpu.Name } $ansible_facts += @{ ansible_processor = $cpu_list ansible_processor_cores = $win32_cpu.NumberOfCores ansible_processor_count = $win32_cs.NumberOfProcessors ansible_processor_threads_per_core = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors / $win32_cpu.NumberOfCores) ansible_processor_vcpus = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors) } } if($gather_subset.Contains('uptime')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ ansible_lastboot = $win32_os.lastbootuptime.ToString("u") ansible_uptime_seconds = $([System.Convert]::ToInt64($(Get-Date).Subtract($win32_os.lastbootuptime).TotalSeconds)) } } if($gather_subset.Contains('user')) { $user = [Security.Principal.WindowsIdentity]::GetCurrent() $ansible_facts += @{ ansible_user_dir = $env:userprofile # Win32_UserAccount.FullName is probably the right thing here, but it can be expensive to get on large domains ansible_user_gecos = "" ansible_user_id = $env:username ansible_user_sid = $user.User.Value } } if($gather_subset.Contains('windows_domain')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $domain_roles = @{ 0 = "Stand-alone workstation" 1 = "Member workstation" 2 = "Stand-alone server" 3 = "Member server" 4 = "Backup domain controller" 5 = "Primary domain controller" } $domain_role = $domain_roles.Get_Item([Int32]$win32_cs.DomainRole) $ansible_facts += @{ ansible_windows_domain = $win32_cs.Domain ansible_windows_domain_member = $win32_cs.PartOfDomain ansible_windows_domain_role = $domain_role } } if($gather_subset.Contains('winrm')) { $winrm_https_listener_parent_paths = Get-ChildItem -Path WSMan:\localhost\Listener -Recurse | Where-Object {$_.PSChildName -eq "Transport" -and $_.Value -eq "HTTPS"} | select PSParentPath if ($winrm_https_listener_parent_paths -isnot [array]) { $winrm_https_listener_parent_paths = @($winrm_https_listener_parent_paths) } $winrm_https_listener_paths = @() foreach ($winrm_https_listener_parent_path in $winrm_https_listener_parent_paths) { $winrm_https_listener_paths += $winrm_https_listener_parent_path.PSParentPath.Substring($winrm_https_listener_parent_path.PSParentPath.LastIndexOf("\")) } $https_listeners = @() foreach ($winrm_https_listener_path in $winrm_https_listener_paths) { $https_listeners += Get-ChildItem -Path "WSMan:\localhost\Listener$winrm_https_listener_path" } $winrm_cert_thumbprints = @() foreach ($https_listener in $https_listeners) { $winrm_cert_thumbprints += $https_listener | where {$_.Name -EQ "CertificateThumbprint" } | select Value } $winrm_cert_expiry = @() foreach ($winrm_cert_thumbprint in $winrm_cert_thumbprints) { Try { $winrm_cert_expiry += Get-ChildItem -Path Cert:\LocalMachine\My | where Thumbprint -EQ $winrm_cert_thumbprint.Value.ToString().ToUpper() | select NotAfter } Catch {} } $winrm_cert_expirations = $winrm_cert_expiry | Sort-Object NotAfter if ($winrm_cert_expirations) { # this fact was renamed from ansible_winrm_certificate_expires due to collision with ansible_winrm_X connection var pattern $ansible_facts.Add("ansible_win_rm_certificate_expires", $winrm_cert_expirations[0].NotAfter.ToString("yyyy-MM-dd HH:mm:ss")) } } $result.ansible_facts += $ansible_facts Exit-Json $result ScriptBlock ID: 6b8a6492-1b28-4639-95fb-d09a6e391d3c Path:	4104	1		3	2	15	0	1809	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3092	868	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:30 PM	fe3d87aa-a761-0000-0f50-4cfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 488eb8e4-7d61-4ca4-80e6-25b2e1428206 Path:	4104	1		3	2	15	0	1808	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3092	4876	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:30 PM	fe3d87aa-a761-0002-4cee-49fe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: f5d88ce9-f240-4f0f-b669-cc9ff569ea38 Path:	4104	1		3	2	15	0	1807	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3092	4876	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:29 PM	fe3d87aa-a761-0001-86d7-4dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): gPSAoW3N0cmluZ10gJHdpbjMyX2NzLlByaW1hcnlPd25lck5hbWUpCiAgICAgICAgIyBGVVRVUkU6IHNob3VsZCB0aGlzIGxpdmUgaW4gaXRzIG93biBzdWJzZXQ/CiAgICAgICAgYW5zaWJsZV9yZWJvb3RfcGVuZGluZyA9IChHZXQtUGVuZGluZ1JlYm9vdFN0YXR1cykKICAgICAgICBhbnNpYmxlX3N5c3RlbSA9ICRvc3ZlcnNpb24uUGxhdGZvcm0uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfc3lzdGVtX2Rlc2NyaXB0aW9uID0gKFtzdHJpbmddICR3aW4zMl9vcy5EZXNjcmlwdGlvbikKICAgICAgICBhbnNpYmxlX3N5c3RlbV92ZW5kb3IgPSAkd2luMzJfY3MuTWFudWZhY3R1cmVyCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdwb3dlcnNoZWxsX3ZlcnNpb24nKSkgewogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX3Bvd2Vyc2hlbGxfdmVyc2lvbiA9ICgkUFNWZXJzaW9uVGFibGUuUFNWZXJzaW9uLk1ham9yKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygncHJvY2Vzc29yJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9jcHUgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX1Byb2Nlc3NvcgogICAgaWYgKCR3aW4zMl9jcHUgLWlzIFthcnJheV0pIHsKICAgICAgICAjIG11bHRpLXNvY2tldCwgcGljayBmaXJzdAogICAgICAgICR3aW4zMl9jcHUgPSAkd2luMzJfY3B1WzBdCiAgICB9CgogICAgJGNwdV9saXN0ID0gQCggKQogICAgZm9yICgkaT0xOyAkaSAtbGUgKCR3aW4zMl9jcHUuTnVtYmVyT2ZMb2dpY2FsUHJvY2Vzc29ycyAvICR3aW4zMl9jcy5OdW1iZXJPZlByb2Nlc3NvcnMpOyAkaSsrKSB7CiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTWFudWZhY3R1cmVyCiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTmFtZQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9wcm9jZXNzb3IgPSAkY3B1X2xpc3QKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl9jb3JlcyA9ICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX2NvdW50ID0gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX3RocmVhZHNfcGVyX2NvcmUgPSAoJHdpbjMyX2NwdS5OdW1iZXJPZkxvZ2ljYWxQcm9jZXNzb3JzIC8gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycyAvICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcykKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl92Y3B1cyA9ICgkd2luMzJfY3B1Lk51bWJlck9mTG9naWNhbFByb2Nlc3NvcnMgLyAkd2luMzJfY3MuTnVtYmVyT2ZQcm9jZXNzb3JzKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXB0aW1lJykpIHsKICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfbGFzdGJvb3QgPSAkd2luMzJfb3MubGFzdGJvb3R1cHRpbWUuVG9TdHJpbmcoInUiKQogICAgICAgIGFuc2libGVfdXB0aW1lX3NlY29uZHMgPSAkKFtTeXN0ZW0uQ29udmVydF06OlRvSW50NjQoJChHZXQtRGF0ZSkuU3VidHJhY3QoJHdpbjMyX29zLmxhc3Rib290dXB0aW1lKS5Ub3RhbFNlY29uZHMpKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXNlcicpKSB7CiAgICAkdXNlciA9IFtTZWN1cml0eS5QcmluY2lwYWwuV2luZG93c0lkZW50aXR5XTo6R2V0Q3VycmVudCgpCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfdXNlcl9kaXIgPSAkZW52OnVzZXJwcm9maWxlCiAgICAgICAgIyBXaW4zMl9Vc2VyQWNjb3VudC5GdWxsTmFtZSBpcyBwcm9iYWJseSB0aGUgcmlnaHQgdGhpbmcgaGVyZSwgYnV0IGl0IGNhbiBiZSBleHBlbnNpdmUgdG8gZ2V0IG9uIGxhcmdlIGRvbWFpbnMKICAgICAgICBhbnNpYmxlX3VzZXJfZ2Vjb3MgPSAiIgogICAgICAgIGFuc2libGVfdXNlcl9pZCA9ICRlbnY6dXNlcm5hbWUKICAgICAgICBhbnNpYmxlX3VzZXJfc2lkID0gJHVzZXIuVXNlci5WYWx1ZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnd2luZG93c19kb21haW4nKSkgewogICAgJHdpbjMyX2NzID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9Db21wdXRlclN5c3RlbQogICAgJGRvbWFpbl9yb2xlcyA9IEB7CiAgICAgICAgMCA9ICJTdGFuZC1hbG9uZSB3b3Jrc3RhdGlvbiIKICAgICAgICAxID0gIk1lbWJlciB3b3Jrc3RhdGlvbiIKICAgICAgICAyID0gIlN0YW5kLWFsb25lIHNlcnZlciIKICAgICAgICAzID0gIk1lbWJlciBzZXJ2ZXIiCiAgICAgICAgNCA9ICJCYWNrdXAgZG9tYWluIGNvbnRyb2xsZXIiCiAgICAgICAgNSA9ICJQcmltYXJ5IGRvbWFpbiBjb250cm9sbGVyIgogICAgfQoKICAgICRkb21haW5fcm9sZSA9ICRkb21haW5fcm9sZXMuR2V0X0l0ZW0oW0ludDMyXSR3aW4zMl9jcy5Eb21haW5Sb2xlKQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV93aW5kb3dzX2RvbWFpbiA9ICR3aW4zMl9jcy5Eb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX21lbWJlciA9ICR3aW4zMl9jcy5QYXJ0T2ZEb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX3JvbGUgPSAkZG9tYWluX3JvbGUKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3dpbnJtJykpIHsKCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCBXU01hbjpcbG9jYWxob3N0XExpc3RlbmVyIC1SZWN1cnNlIHwgV2hlcmUtT2JqZWN0IHskXy5QU0NoaWxkTmFtZSAtZXEgIlRyYW5zcG9ydCIgLWFuZCAkXy5WYWx1ZSAtZXEgIkhUVFBTIn0gfCBzZWxlY3QgUFNQYXJlbnRQYXRoCiAgICBpZiAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyAtaXNub3QgW2FycmF5XSkgewogICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyA9IEAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocykKICAgIH0KCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMgPSBAKCkKICAgIGZvcmVhY2ggKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzKSB7CiAgICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhdGhzICs9ICR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguU3Vic3RyaW5nKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguTGFzdEluZGV4T2YoIlwiKSkKICAgIH0KCiAgICAkaHR0cHNfbGlzdGVuZXJzID0gQCgpCiAgICBmb3JlYWNoICgkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMpIHsKICAgICAgICAkaHR0cHNfbGlzdGVuZXJzICs9IEdldC1DaGlsZEl0ZW0gLVBhdGggIldTTWFuOlxsb2NhbGhvc3RcTGlzdGVuZXIkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCIKICAgIH0KCiAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyA9IEAoKQogICAgZm9yZWFjaCAoJGh0dHBzX2xpc3RlbmVyIGluICRodHRwc19saXN0ZW5lcnMpIHsKICAgICAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyArPSAkaHR0cHNfbGlzdGVuZXIgfCB3aGVyZSB7JF8uTmFtZSAtRVEgIkNlcnRpZmljYXRlVGh1bWJwcmludCIgfSB8IHNlbGVjdCBWYWx1ZQogICAgfQoKICAgICR3aW5ybV9jZXJ0X2V4cGlyeSA9IEAoKQogICAgZm9yZWFjaCAoJHdpbnJtX2NlcnRfdGh1bWJwcmludCBpbiAkd2lucm1fY2VydF90aHVtYnByaW50cykgewogICAgICAgIFRyeSB7CiAgICAgICAgICAgICR3aW5ybV9jZXJ0X2V4cGlyeSArPSBHZXQtQ2hpbGRJdGVtIC1QYXRoIENlcnQ6XExvY2FsTWFjaGluZVxNeSB8IHdoZXJlIFRodW1icHJpbnQgLUVRICR3aW5ybV9jZXJ0X3RodW1icHJpbnQuVmFsdWUuVG9TdHJpbmcoKS5Ub1VwcGVyKCkgfCBzZWxlY3QgTm90QWZ0ZXIKICAgICAgICB9IENhdGNoIHt9CiAgICB9CgogICAgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnMgPSAkd2lucm1fY2VydF9leHBpcnkgfCBTb3J0LU9iamVjdCBOb3RBZnRlcgogICAgaWYgKCR3aW5ybV9jZXJ0X2V4cGlyYXRpb25zKSB7CiAgICAgICAgIyB0aGlzIGZhY3Qgd2FzIHJlbmFtZWQgZnJvbSBhbnNpYmxlX3dpbnJtX2NlcnRpZmljYXRlX2V4cGlyZXMgZHVlIHRvIGNvbGxpc2lvbiB3aXRoIGFuc2libGVfd2lucm1fWCBjb25uZWN0aW9uIHZhciBwYXR0ZXJuCiAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlX3dpbl9ybV9jZXJ0aWZpY2F0ZV9leHBpcmVzIiwgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnNbMF0uTm90QWZ0ZXIuVG9TdHJpbmcoInl5eXktTU0tZGQgSEg6bW06c3MiKSkKICAgIH0KfQoKJHJlc3VsdC5hbnNpYmxlX2ZhY3RzICs9ICRhbnNpYmxlX2ZhY3RzCgpFeGl0LUpzb24gJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "gather_timeout": 10, "_ansible_module_name": "setup", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 3, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "gather_subset": ["all"], "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 5f8188bf-4df2-4486-a518-abcf5d87bc17 Path:	4104	1		3	2	15	0	1806	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3092	4876	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:29 PM	fe3d87aa-a761-0000-0050-4cfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): ogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTgsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCkZ1bmN0aW9uIEdldC1DdXN0b21GYWN0cyB7CiAgW2NtZGxldEJpbmRpbmcoKV0KICBwYXJhbSAoCiAgICBbUGFyYW1ldGVyKG1hbmRhdG9yeT0kZmFsc2UpXQogICAgJGZhY3RwYXRoID0gJG51bGwKICApCgogIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGZhY3RwYXRoKSkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBwYXRoICRmYWN0cGF0aCBkb2VzIG5vdCBleGlzdC4gVHlwbz8iCiAgfQoKICAkRmFjdHNGaWxlcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJGZhY3RwYXRoIHwgV2hlcmUtT2JqZWN0IC1GaWx0ZXJTY3JpcHQgeygkUFNJdGVtLlBTSXNDb250YWluZXIgLWVxICRmYWxzZSkgLWFuZCAoJFBTSXRlbS5FeHRlbnNpb24gLWVxICcucHMxJyl9CgogIGZvcmVhY2ggKCRGYWN0c0ZpbGUgaW4gJEZhY3RzRmlsZXMpIHsKICAgICAgJG91dCA9ICYgJCgkRmFjdHNGaWxlLkZ1bGxOYW1lKQogICAgICAkcmVzdWx0LmFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlXyQoKCRGYWN0c0ZpbGUuTmFtZSkuU3BsaXQoJy4nKVswXSkiLCAkb3V0KQogIH0KfQoKRnVuY3Rpb24gR2V0LU1hY2hpbmVTaWQgewogICAgIyBUaGUgTWFjaGluZSBTSUQgaXMgc3RvcmVkIGluIEhLTE06XFNFQ1VSSVRZXFNBTVxEb21haW5zXEFjY291bnQgYW5kIGlzCiAgICAjIG9ubHkgYWNjZXNzaWJsZSBieSB0aGUgTG9jYWwgU3lzdGVtIGFjY291bnQuIFRoaXMgbWV0aG9kIGdldCdzIHRoZSBsb2NhbAogICAgIyBhZG1pbiBhY2NvdW50IChlbmRzIHdpdGggLTUwMCkgYW5kIGxvcHMgaXQgb2ZmIHRvIGdldCB0aGUgbWFjaGluZSBzaWQuCgogICAgJGFkbWluc19zaWQgPSAiUy0xLTUtMzItNTQ0IgogICAgJGFkbWluX2dyb3VwID0gKFtTZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyXSRhZG1pbnNfc2lkKS5UcmFuc2xhdGUoW1NlY3VyaXR5LlByaW5jaXBhbC5OVEFjY291bnRdKS5WYWx1ZSAKCiAgICBBZGQtVHlwZSAtQXNzZW1ibHlOYW1lIFN5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudAogICAgJHByaW5jaXBhbF9jb250ZXh0ID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbENvbnRleHQoW1N5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudC5Db250ZXh0VHlwZV06Ok1hY2hpbmUpCiAgICAkZ3JvdXBfcHJpbmNpcGFsID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50Lkdyb3VwUHJpbmNpcGFsKCRwcmluY2lwYWxfY29udGV4dCwgJGFkbWluX2dyb3VwKQogICAgJHNlYXJjaGVyID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbFNlYXJjaGVyKCRncm91cF9wcmluY2lwYWwpCiAgICAkZ3JvdXBzID0gJHNlYXJjaGVyLkZpbmRPbmUoKQoKICAgICRtYWNoaW5lX3NpZCA9ICRudWxsCiAgICBmb3JlYWNoICgkdXNlciBpbiAkZ3JvdXBzLk1lbWJlcnMpIHsKICAgICAgICAkdXNlcl9zaWQgPSAkdXNlci5TaWQKICAgICAgICBpZiAoJHVzZXJfc2lkLlZhbHVlLkVuZHNXaXRoKCItNTAwIikpIHsKICAgICAgICAgICAgJG1hY2hpbmVfc2lkID0gJHVzZXJfc2lkLkFjY291bnREb21haW5TaWQuVmFsdWUKICAgICAgICAgICAgYnJlYWsKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICRtYWNoaW5lX3NpZAp9CgokY2ltX2luc3RhbmNlcyA9IEB7fQoKRnVuY3Rpb24gR2V0LUxhenlDaW1JbnN0YW5jZShbc3RyaW5nXSRpbnN0YW5jZV9uYW1lLCBbc3RyaW5nXSRuYW1lc3BhY2U9IlJvb3RcQ0lNVjIiKSB7CiAgICBpZigtbm90ICRjaW1faW5zdGFuY2VzLkNvbnRhaW5zS2V5KCRpbnN0YW5jZV9uYW1lKSkgewogICAgICAgICRjaW1faW5zdGFuY2VzWyRpbnN0YW5jZV9uYW1lXSA9ICQoR2V0LUNpbUluc3RhbmNlIC1OYW1lc3BhY2UgJG5hbWVzcGFjZSAtQ2xhc3NOYW1lICRpbnN0YW5jZV9uYW1lKQogICAgfQoKICAgIHJldHVybiAkY2ltX2luc3RhbmNlc1skaW5zdGFuY2VfbmFtZV0KfQoKJHJlc3VsdCA9IEB7CiAgICBhbnNpYmxlX2ZhY3RzID0gQHsgfQogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgokZ3JvdXBlZF9zdWJzZXRzID0gQHsKICAgIG1pbj1bU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuTGlzdFtzdHJpbmddXUAoJ2RhdGVfdGltZScsJ2Rpc3RyaWJ1dGlvbicsJ2RucycsJ2VudicsJ2xvY2FsJywncGxhdGZvcm0nLCdwb3dlcnNoZWxsX3ZlcnNpb24nLCd1c2VyJykKICAgIG5ldHdvcms9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdhbGxfaXB2NF9hZGRyZXNzZXMnLCdhbGxfaXB2Nl9hZGRyZXNzZXMnLCdpbnRlcmZhY2VzJywnd2luZG93c19kb21haW4nLCAnd2lucm0nKQogICAgaGFyZHdhcmU9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdiaW9zJywnbWVtb3J5JywncHJvY2Vzc29yJywndXB0aW1lJykKICAgIGV4dGVybmFsPVtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dQCgnZmFjdGVyJykKfQoKIyBidWlsZCAiYWxsIiBzZXQgZnJvbSBldmVyeXRoaW5nIG1lbnRpb25lZCBpbiB0aGUgZ3JvdXAtIHRoaXMgbWVhbnMgZXZlcnkgdmFsdWUgbXVzdCBiZSBpbiBhdCBsZWFzdCBvbmUgc3Vic2V0IHRvIGJlIGNvbnNpZGVyZWQgbGVnYWwKJGFsbF9zZXQgPSBbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSGFzaFNldFtzdHJpbmddXUAoKQoKZm9yZWFjaCgka3YgaW4gJGdyb3VwZWRfc3Vic2V0cy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgIFt2b2lkXSAkYWxsX3NldC5VbmlvbldpdGgoJGt2LlZhbHVlKQp9CgojIGR5bmFtaWNhbGx5IGNyZWF0ZSBhbiAiYWxsIiBzdWJzZXQgbm93IHRoYXQgd2Uga25vdyB3aGF0IHNob3VsZCBiZSBpbiBpdAokZ3JvdXBlZF9zdWJzZXRzWydhbGwnXSA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dJGFsbF9zZXQKCiMgc3RhcnQgd2l0aCBhbGwsIGJ1aWxkIHVwIGdhdGhlciBhbmQgZXhjbHVkZSBzdWJzZXRzCiRnYXRoZXJfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV0kZ3JvdXBlZF9zdWJzZXRzLmFsbAokZXhwbGljaXRfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKJGV4Y2x1ZGVfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRmYWN0cGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmYWN0X3BhdGgiIC10eXBlICJwYXRoIgokZ2F0aGVyX3N1YnNldF9zb3VyY2UgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2F0aGVyX3N1YnNldCIgLXR5cGUgImxpc3QiIC1kZWZhdWx0ICJhbGwiCgpmb3JlYWNoKCRpdGVtIGluICRnYXRoZXJfc3Vic2V0X3NvdXJjZSkgewogICAgaWYoKFtzdHJpbmddJGl0ZW0pLlN0YXJ0c1dpdGgoIiEiKSkgewogICAgICAgICRpdGVtID0gKFtzdHJpbmddJGl0ZW0pLlN1YnN0cmluZygxKQogICAgICAgIGlmKCRpdGVtIC1lcSAiYWxsIikgewogICAgICAgICAgICAkYWxsX21pbnVzX21pbiA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5IYXNoU2V0W3N0cmluZ11dQCgkYWxsX3NldCkKICAgICAgICAgICAgW3ZvaWRdICRhbGxfbWludXNfbWluLkV4Y2VwdFdpdGgoJGdyb3VwZWRfc3Vic2V0cy5taW4pCiAgICAgICAgICAgIFt2b2lkXSAkZXhjbHVkZV9zdWJzZXQuVW5pb25XaXRoKCRhbGxfbWludXNfbWluKQogICAgICAgIH0KICAgICAgICBlbHNlaWYoJGdyb3VwZWRfc3Vic2V0cy5Db250YWluc0tleSgkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5VbmlvbldpdGgoJGdyb3VwZWRfc3Vic2V0c1skaXRlbV0pCiAgICAgICAgfQogICAgICAgIGVsc2VpZigkYWxsX3NldC5Db250YWlucygkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgICMgTkI6IGludmFsaWQgZXhjbHVkZSB2YWx1ZXMgYXJlIGlnbm9yZWQsIHNpbmNlIHRoYXQncyB3aGF0IHBvc2l4IHNldHVwIGRvZXMKICAgIH0KICAgIGVsc2UgewogICAgICAgIGlmKCRncm91cGVkX3N1YnNldHMuQ29udGFpbnNLZXkoJGl0ZW0pKSB7CiAgICAgICAgICAgIFt2b2lkXSAkZXhwbGljaXRfc3Vic2V0LlVuaW9uV2l0aCgkZ3JvdXBlZF9zdWJzZXRzWyRpdGVtXSkKICAgICAgICB9CiAgICAgICAgZWxzZWlmKCRhbGxfc2V0LkNvbnRhaW5zKCRpdGVtKSkgewogICAgICAgICAgICBbdm9pZF0gJGV4cGxpY2l0X3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgIGVsc2UgewogICAgICAgICAgICAjIE5COiBQT1NJWCBzZXR1cCBmYWlscyBvbiBpbnZhbGlkIHZhbHVlOyB3ZSB3YXJuLCBiZWNhdXNlIHdlIGRvbid0IGltcGxlbWVudCB0aGUgc2FtZSBzZXQgYXMgUE9TSVgKICAgICAgICAgICAgIyBhbmQgd2UgZG9uJ3QgaGF2ZSBwbGF0Zm9ybS1zcGVjaWZpYyBjb25maWcgZm9yIHRoaXMuLi4KICAgICAgICAgICAgQWRkLVdhcm5pbmcgJHJlc3VsdCAiaW52YWxpZCB2YWx1ZSAkaXRlbSBzcGVjaWZpZWQgaW4gZ2F0aGVyX3N1YnNldCIKICAgICAgICB9CiAgICB9Cn0KClt2b2lkXSAkZ2F0aGVyX3N1YnNldC5FeGNlcHRXaXRoKCRleGNsdWRlX3N1YnNldCkKW3ZvaWRdICRnYXRoZXJfc3Vic2V0LlVuaW9uV2l0aCgkZXhwbGljaXRfc3Vic2V0KQoKJGFuc2libGVfZmFjdHMgPSBAewogICAgZ2F0aGVyX3N1YnNldD1AKCRnYXRoZXJfc3Vic2V0X3NvdXJjZSkKICAgIG1vZHVsZV9zZXR1cD0kdHJ1ZQp9Cgokb3N2ZXJzaW9uID0gW0Vudmlyb25tZW50XTo6T1NWZXJzaW9uCgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnYWxsX2lwdjRfYWRkcmVzc2VzJykgLW9yICRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdhbGxfaXB2Nl9hZGRyZXNzZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAKICAgICMgVE9ETzogc3BsaXQgdjQvdjYgcHJvcGVybHksIHJldHVybiBpbiBzZXBhcmF0ZSBrZXlzCiAgICAkaXBzID0gQCgpCiAgICBGb3JlYWNoICgkaXAgaW4gJG5ldGNmZy5JUEFkZHJlc3MpIHsKICAgICAgICBJZiAoJGlwKSB7CiAgICAgICAgICAgICRpcHMgKz0gJGlwCiAgICAgICAgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pcF9hZGRyZXNzZXMgPSAkaXBzCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdiaW9zJykpIHsKICAgICR3aW4zMl9iaW9zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9CaW9zCiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYmlvc19kYXRlID0gJHdpbjMyX2Jpb3MuUmVsZWFzZURhdGUuVG9TdHJpbmcoIk1NL2RkL3l5eXkiKQogICAgICAgIGFuc2libGVfYmlvc192ZXJzaW9uID0gJHdpbjMyX2Jpb3MuU01CSU9TQklPU1ZlcnNpb24KICAgICAgICBhbnNpYmxlX3Byb2R1Y3RfbmFtZSA9ICR3aW4zMl9jcy5Nb2RlbC5UcmltKCkKICAgICAgICBhbnNpYmxlX3Byb2R1Y3Rfc2VyaWFsID0gJHdpbjMyX2Jpb3MuU2VyaWFsTnVtYmVyCiAgICAgICAgIyBhbnNpYmxlX3Byb2R1Y3RfdmVyc2lvbiA9IChbc3RyaW5nXSAkd2luMzJfY3MuU3lzdGVtRmFtaWx5KQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZGF0ZV90aW1lJykpIHsKICAgICRkYXRldGltZSA9IChHZXQtRGF0ZSkKICAgICRkYXRldGltZV91dGMgPSAkZGF0ZXRpbWUuVG9Vbml2ZXJzYWxUaW1lKCkKICAgICRkYXRlID0gQHsKICAgICAgICBkYXRlID0gJGRhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIikKICAgICAgICBkYXkgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoImRkIikKICAgICAgICBlcG9jaCA9IChHZXQtRGF0ZSAtVUZvcm1hdCAiJXMiKQogICAgICAgIGhvdXIgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIIikKICAgICAgICBpc284NjAxID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzc1oiKQogICAgICAgIGlzbzg2MDFfYmFzaWMgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXlNTWRkVEhIbW1zc2ZmZmZmZiIpCiAgICAgICAgaXNvODYwMV9iYXNpY19zaG9ydCA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eU1NZGRUSEhtbXNzIikKICAgICAgICBpc284NjAxX21pY3JvID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzcy5mZmZmZmZaIikKICAgICAgICBtaW51dGUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIm1tIikKICAgICAgICBtb250aCA9ICRkYXRldGltZS5Ub1N0cmluZygiTU0iKQogICAgICAgIHNlY29uZCA9ICRkYXRldGltZS5Ub1N0cmluZygic3MiKQogICAgICAgIHRpbWUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIOm1tOnNzIikKICAgICAgICB0eiA9IChbU3lzdGVtLlRpbWVab25lSW5mb106OkxvY2FsLklkKQogICAgICAgIHR6X29mZnNldCA9ICRkYXRldGltZS5Ub1N0cmluZygienp6eiIpCiAgICAgICAgIyBFbnN1cmUgdGhhdCB0aGUgd2Vla2RheSBpcyBpbiBFbmdsaXNoCiAgICAgICAgd2Vla2RheSA9ICRkYXRldGltZS5Ub1N0cmluZygiZGRkZCIsIFtTeXN0ZW0uR2xvYmFsaXphdGlvbi5DdWx0dXJlSW5mb106OkludmFyaWFudEN1bHR1cmUpCiAgICAgICAgd2Vla2RheV9udW1iZXIgPSAoR2V0LURhdGUgLVVGb3JtYXQgIiV3IikKICAgICAgICB3ZWVrbnVtYmVyID0gKEdldC1EYXRlIC1VRm9ybWF0ICIlVyIpCiAgICAgICAgeWVhciA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eSIpCiAgICB9CgogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX2RhdGVfdGltZSA9ICRkYXRlCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdkaXN0cmlidXRpb24nKSkgewogICAgJHdpbjMyX29zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9PcGVyYXRpbmdTeXN0ZW0KICAgICRwcm9kdWN0X3R5cGUgPSBzd2l0Y2goJHdpbjMyX29zLlByb2R1Y3RUeXBlKSB7CiAgICAgICAgMSB7ICJ3b3Jrc3RhdGlvbiIgfQogICAgICAgIDIgeyAiZG9tYWluX2NvbnRyb2xsZXIiIH0KICAgICAgICAzIHsgInNlcnZlciIgfQogICAgICAgIGRlZmF1bHQgeyAidW5rbm93biIgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9kaXN0cmlidXRpb24gPSAkd2luMzJfb3MuQ2FwdGlvbgogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX21ham9yX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uTWFqb3IuVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfb3NfZmFtaWx5ID0gIldpbmRvd3MiCiAgICAgICAgYW5zaWJsZV9vc19uYW1lID0gKCR3aW4zMl9vcy5OYW1lLlNwbGl0KCd8JylbMF0pLlRyaW0oKQogICAgICAgIGFuc2libGVfb3NfcHJvZHVjdF90eXBlID0gJHByb2R1Y3RfdHlwZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZW52JykpIHsKICAgICRlbnZfdmFycyA9IEB7IH0KICAgIGZvcmVhY2ggKCRpdGVtIGluIEdldC1DaGlsZEl0ZW0gRW52OikgewogICAgICAgICRuYW1lID0gJGl0ZW0gfCBzZWxlY3QgLUV4cGFuZFByb3BlcnR5IE5hbWUKICAgICAgICAjIFBvd2Vyc2hlbGwgQ29udmVydFRvLUpzb24gZmFpbHMgaWYgc3RyaW5nIGVuZHMgd2l0aCBcCiAgICAgICAgJHZhbHVlID0gKCRpdGVtIHwgc2VsZWN0IC1FeHBhbmRQcm9wZXJ0eSBWYWx1ZSkuVHJpbUVuZCgiXCIpCiAgICAgICAgJGVudl92YXJzLkFkZCgkbmFtZSwgJHZhbHVlKQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9lbnYgPSAkZW52X3ZhcnMKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ZhY3RlcicpKSB7CiAgICAjIFNlZSBpZiBGYWN0ZXIgaXMgb24gdGhlIFN5c3RlbSBQYXRoCiAgICBUcnkgewogICAgICAgICRmYWN0ZXJfZXhlID0gR2V0LUNvbW1hbmQgZmFjdGVyIC1FcnJvckFjdGlvbiBTdG9wCiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkdHJ1ZQogICAgfSBDYXRjaCB7CiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkZmFsc2UKICAgIH0KCiAgICAjIEdldCBKU09OIGZyb20gRmFjdGVyLCBhbmQgcGFyc2UgaXQgb3V0LgogICAgaWYgKCRmYWN0ZXJfaW5zdGFsbGVkKSB7CiAgICAgICAgJmZhY3RlciAtaiB8IFRlZS1PYmplY3QgIC1WYXJpYWJsZSBmYWN0ZXJfb3V0cHV0IHwgT3V0LU51bGwKICAgICAgICAkZmFjdHMgPSAiJGZhY3Rlcl9vdXRwdXQiIHwgQ29udmVydEZyb20tSnNvbgogICAgICAgIEZvckVhY2goJGZhY3QgaW4gJGZhY3RzLlBTT2JqZWN0LlByb3BlcnRpZXMpIHsKICAgICAgICAgICAgJGZhY3RfbmFtZSA9ICRmYWN0Lk5hbWUKICAgICAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJmYWN0ZXJfJGZhY3RfbmFtZSIsICRmYWN0LlZhbHVlKQogICAgICAgIH0KICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ludGVyZmFjZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAkQWN0aXZlTmV0Y2ZnID0gQCgpCiAgICAkQWN0aXZlTmV0Y2ZnICs9ICRuZXRjZmcgfCB3aGVyZSB7JF8uaXBhZGRyZXNzIC1uZSAkbnVsbH0KCiAgICAkbmFtZXNwYWNlcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgX19OYW1lc3BhY2UgLW5hbWVzcGFjZSByb290CiAgICBpZiAoJG5hbWVzcGFjZXMgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAiU3RhbmRhcmRDaW12IiB9KSB7CiAgICAgICAgJG5ldF9hZGFwdGVycyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgTVNGVF9OZXRBZGFwdGVyIC1uYW1lc3BhY2UgUm9vdFxTdGFuZGFyZENpbXYyCiAgICAgICAgJGd1aWRfa2V5ID0gIkludGVyZmFjZUdVSUQiCiAgICAgICAgJG5hbWVfa2V5ID0gIk5hbWUiCiAgICB9IGVsc2UgewogICAgICAgICRuZXRfYWRhcHRlcnMgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX05ldHdvcmtBZGFwdGVyICAgICAgICAKICAgICAgICAkZ3VpZF9rZXkgPSAiR1VJRCIKICAgICAgICAkbmFtZV9rZXkgPSAiTmV0Q29ubmVjdGlvbklEIgogICAgfQoKICAgICRmb3JtYXR0ZWRuZXRjZmcgPSBAKCkKICAgIGZvcmVhY2ggKCRhZGFwdGVyIGluICRBY3RpdmVOZXRjZmcpCiAgICB7CiAgICAgICAgJHRoaXNhZGFwdGVyID0gQHsKICAgICAgICAgICAgZGVmYXVsdF9nYXRld2F5ID0gJG51bGwKICAgICAgICAgICAgY29ubmVjdGlvbl9uYW1lID0gJG51bGwKICAgICAgICAgICAgZG5zX2RvbWFpbiA9ICRhZGFwdGVyLmRuc2RvbWFpbgogICAgICAgICAgICBpbnRlcmZhY2VfaW5kZXggPSAkYWRhcHRlci5JbnRlcmZhY2VJbmRleAogICAgICAgICAgICBpbnRlcmZhY2VfbmFtZSA9ICRhZGFwdGVyLmRlc2NyaXB0aW9uCiAgICAgICAgICAgIG1hY2FkZHJlc3MgPSAkYWRhcHRlci5tYWNhZGRyZXNzCiAgICAgICAgfQoKICAgICAgICBpZiAoJGFkYXB0ZXIuZGVmYXVsdElQR2F0ZXdheSkKICAgICAgICB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5kZWZhdWx0X2dhdGV3YXkgPSAkYWRhcHRlci5EZWZhdWx0SVBHYXRld2F5WzBdLlRvU3RyaW5nKCkKICAgICAgICB9CiAgICAgICAgJG5ldF9hZGFwdGVyID0gJG5ldF9hZGFwdGVycyB8IFdoZXJlLU9iamVjdCB7ICRfLiRndWlkX2tleSAtZXEgJGFkYXB0ZXIuU2V0dGluZ0lEIH0KICAgICAgICBpZiAoJG5ldF9hZGFwdGVyKSB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5jb25uZWN0aW9uX25hbWUgPSAkbmV0X2FkYXB0ZXIuJG5hbWVfa2V5CiAgICAgICAgfQoKICAgICAgICAkZm9ybWF0dGVkbmV0Y2ZnICs9ICR0aGlzYWRhcHRlcgogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pbnRlcmZhY2VzID0gJGZvcm1hdHRlZG5ldGNmZwogICAgfQp9CgppZiAoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoImxvY2FsIikgLWFuZCAkZmFjdHBhdGggLW5lICRudWxsKSB7CiAgICAjIEdldCBhbnkgY3VzdG9tIGZhY3RzOyByZXN1bHRzIGFyZSB1cGRhdGVkIGluIHRoZQogICAgR2V0LUN1c3RvbUZhY3RzIC1mYWN0cGF0aCAkZmFjdHBhdGgKfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ21lbW9yeScpKSB7CiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkd2luMzJfb3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX09wZXJhdGluZ1N5c3RlbQogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICAjIFdpbjMyX1BoeXNpY2FsTWVtb3J5IGlzIGVtcHR5IG9uIHNvbWUgdmlydHVhbCBwbGF0Zm9ybXMKICAgICAgICBhbnNpYmxlX21lbXRvdGFsX21iID0gKFttYXRoXTo6cm91bmQoJHdpbjMyX2NzLlRvdGFsUGh5c2ljYWxNZW1vcnkgLyAxMDI0IC8gMTAyNCkpCiAgICAgICAgYW5zaWJsZV9zd2FwdG90YWxfbWIgPSAoW21hdGhdOjpyb3VuZCgkd2luMzJfb3MuVG90YWxTd2FwU3BhY2VTaXplIC8gMTAyNCAvIDEwMjQpKQogICAgfQp9CgoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3BsYXRmb3JtJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkaXBfcHJvcHMgPSBbU3lzdGVtLk5ldC5OZXR3b3JrSW5mb3JtYXRpb24uSVBHbG9iYWxQcm9wZXJ0aWVzXTo6R2V0SVBHbG9iYWxQcm9wZXJ0aWVzKCkKCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYXJjaGl0ZWN0dXJlID0gJHdpbjMyX29zLk9TQXJjaGl0ZWN0dXJlCiAgICAgICAgYW5zaWJsZV9kb21haW4gPSAkaXBfcHJvcHMuRG9tYWluTmFtZQogICAgICAgIGFuc2libGVfZnFkbiA9ICgkaXBfcHJvcHMuSG9zdG5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX2hvc3RuYW1lID0gJGVudjpDT01QVVRFUk5BTUUKICAgICAgICBhbnNpYmxlX2tlcm5lbCA9ICRvc3ZlcnNpb24uVmVyc2lvbi5Ub1N0cmluZygpCiAgICAgICAgYW5zaWJsZV9ub2RlbmFtZSA9ICgkaXBfcHJvcHMuSG9zdE5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX21hY2hpbmVfaWQgPSBHZXQtTWFjaGluZVNpZAogICAgICAgIGFuc2libGVfb3duZXJfY29udGFjdCA9IChbc3RyaW5nXSAkd2luMzJfY3MuUHJpbWFyeU93bmVyQ29udGFjdCkKICAgICAgICBhbnNpYmxlX293bmVyX25hbWU ScriptBlock ID: 5f8188bf-4df2-4486-a518-abcf5d87bc17 Path:	4104	1		3	2	15	0	1805	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3092	4876	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:29 PM	fe3d87aa-a761-0000-0050-4cfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQ ScriptBlock ID: 5f8188bf-4df2-4486-a518-abcf5d87bc17 Path:	4104	1		3	2	15	0	1804	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3092	4876	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:29 PM	fe3d87aa-a761-0000-0050-4cfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1803	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3092	4848	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:29 PM	fe3d87aa-a761-0002-43ee-49fe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3092 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1802	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3092	4592	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:29 PM	fe3d87aa-a761-0002-43ee-49fe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1801	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3092	4848	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 7:58:29 PM	fe3d87aa-a761-0002-43ee-49fe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1800	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1136	1048	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:31 PM	fe3d87aa-a761-0004-2189-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1136 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1799	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1136	828	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:31 PM	fe3d87aa-a761-0004-2189-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1798	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1136	1048	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:31 PM	fe3d87aa-a761-0004-2189-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 836383b8-99f9-4284-b5d1-9658288b2f66 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 6d8042ae-ee06-4696-90ea-f42f268a882d Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1797	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2528	520	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:31 PM	fe3d87aa-a761-0002-8789-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 730f6754-b53b-4e0f-bd38-b1a905eee490 Path:	4104	1		3	2	15	0	1796	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2528	1272	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:30 PM	fe3d87aa-a761-0003-c789-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 8f5a217c-f9de-4a14-84f1-156b79f84c74 Path:	4104	1		3	2	15	0	1795	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2528	1272	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:30 PM	fe3d87aa-a761-0001-a089-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 1e264e48-b4c7-4cb4-8180-2ad655d08b92 Path:	4104	1		3	2	15	0	1794	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2528	1272	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:30 PM	fe3d87aa-a761-0001-9289-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 6): 1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Get-Service neutron-hyperv-agent | %{$_.Status}", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 38a5816b-fa51-4fc3-83c8-17eda4210eb4 Path:	4104	1		3	2	15	0	1793	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2528	1272	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:30 PM	fe3d87aa-a761-0001-8c89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 6): mV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC ScriptBlock ID: 38a5816b-fa51-4fc3-83c8-17eda4210eb4 Path:	4104	1		3	2	15	0	1792	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2528	1272	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:30 PM	fe3d87aa-a761-0001-8c89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 6): zb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgc ScriptBlock ID: 38a5816b-fa51-4fc3-83c8-17eda4210eb4 Path:	4104	1		3	2	15	0	1791	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2528	1272	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:30 PM	fe3d87aa-a761-0001-8c89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 6): gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHB ScriptBlock ID: 38a5816b-fa51-4fc3-83c8-17eda4210eb4 Path:	4104	1		3	2	15	0	1790	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2528	1272	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:30 PM	fe3d87aa-a761-0001-8c89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 6): CAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24 ScriptBlock ID: 38a5816b-fa51-4fc3-83c8-17eda4210eb4 Path:	4104	1		3	2	15	0	1789	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2528	1272	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:30 PM	fe3d87aa-a761-0001-8c89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 6): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogI ScriptBlock ID: 38a5816b-fa51-4fc3-83c8-17eda4210eb4 Path:	4104	1		3	2	15	0	1788	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2528	1272	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:30 PM	fe3d87aa-a761-0001-8c89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1787	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2528	2412	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:30 PM	fe3d87aa-a761-0005-8289-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2528 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1786	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2528	4620	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:30 PM	fe3d87aa-a761-0005-8289-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1785	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2528	2412	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:30 PM	fe3d87aa-a761-0005-8289-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 4e42f248-6f04-41b6-9746-c2b1fa62fe8e Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = ddccfc86-c34e-43ac-9786-3954951da41d Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 36 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1784	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3888	4332	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:29 PM	fe3d87aa-a761-0003-bb89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 4e42f248-6f04-41b6-9746-c2b1fa62fe8e Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = ddccfc86-c34e-43ac-9786-3954951da41d Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1783	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3888	4332	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:28 PM	fe3d87aa-a761-0002-5889-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: dc6283bd-d229-49c9-b1af-e5ae0f620d49 Path:	4104	1		3	2	15	0	1782	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3888	5100	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:28 PM	fe3d87aa-a761-0000-5889-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): e csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: e3209a8e-1fd1-4a9e-8dbe-1a8bcb4fb17f Path:	4104	1		3	2	15	0	1781	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3888	5100	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:28 PM	fe3d87aa-a761-0005-7089-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to forc ScriptBlock ID: e3209a8e-1fd1-4a9e-8dbe-1a8bcb4fb17f Path:	4104	1		3	2	15	0	1780	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3888	5100	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:28 PM	fe3d87aa-a761-0005-7089-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 0fd9805a-a7fd-4145-a22d-8fc94302af14 Path:	4104	1		3	2	15	0	1779	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3888	5100	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:28 PM	fe3d87aa-a761-0000-5489-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 02975ef2-ca3c-4940-b528-0a65c8c90613 Path:	4104	1		3	2	15	0	1778	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3888	5100	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:28 PM	fe3d87aa-a761-0005-6289-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 7): bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_stat", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_check_mode": false, "get_checksum": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\log\\neutron-hyperv-agent.log", "get_md5": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: b336a24b-8897-4512-b717-88ae5a2d2a04 Path:	4104	1		3	2	15	0	1777	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3888	5100	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:27 PM	fe3d87aa-a761-0005-5c89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 7): YWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1 ScriptBlock ID: b336a24b-8897-4512-b717-88ae5a2d2a04 Path:	4104	1		3	2	15	0	1776	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3888	5100	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:27 PM	fe3d87aa-a761-0005-5c89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 7): CAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRW ScriptBlock ID: b336a24b-8897-4512-b717-88ae5a2d2a04 Path:	4104	1		3	2	15	0	1775	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3888	5100	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:27 PM	fe3d87aa-a761-0005-5c89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 7): dFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgI ScriptBlock ID: b336a24b-8897-4512-b717-88ae5a2d2a04 Path:	4104	1		3	2	15	0	1774	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3888	5100	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:27 PM	fe3d87aa-a761-0005-5c89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 7): 6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIElu ScriptBlock ID: b336a24b-8897-4512-b717-88ae5a2d2a04 Path:	4104	1		3	2	15	0	1773	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3888	5100	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:27 PM	fe3d87aa-a761-0005-5c89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 7): VscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo ScriptBlock ID: b336a24b-8897-4512-b717-88ae5a2d2a04 Path:	4104	1		3	2	15	0	1772	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3888	5100	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:27 PM	fe3d87aa-a761-0005-5c89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 7): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSG ScriptBlock ID: b336a24b-8897-4512-b717-88ae5a2d2a04 Path:	4104	1		3	2	15	0	1771	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3888	5100	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:27 PM	fe3d87aa-a761-0005-5c89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1770	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3888	3472	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:27 PM	fe3d87aa-a761-0003-b489-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3888 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1769	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3888	736	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:27 PM	fe3d87aa-a761-0003-b489-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1768	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3888	3472	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:27 PM	fe3d87aa-a761-0003-b489-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1767	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	680	4272	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:25 PM	fe3d87aa-a761-0004-0b89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 680 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1766	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	680	4504	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:25 PM	fe3d87aa-a761-0004-0b89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1765	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	680	4272	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:25 PM	fe3d87aa-a761-0004-0b89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 89d29822-6b26-4b20-844c-14dcf35c31b1 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 75fae7a7-d0bb-4025-bc8b-f5e4e4ddb23d Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1764	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3208	3816	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:25 PM	fe3d87aa-a761-0000-4289-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 19d5efab-a9a4-4254-8d88-c08e516533f2 Path:	4104	1		3	2	15	0	1763	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3208	3828	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:25 PM	fe3d87aa-a761-0003-9d89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: e8781fd1-c811-43c9-a788-4f2b6dd8d802 Path:	4104	1		3	2	15	0	1762	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3208	3828	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:24 PM	fe3d87aa-a761-0004-0a89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 886e6dbc-a2ad-447b-8579-fd02cd0121ad Path:	4104	1		3	2	15	0	1761	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3208	3828	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:24 PM	fe3d87aa-a761-0004-fb88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): aiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Get-Service neutron-hyperv-agent | %{$_.Status}", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 25ae473c-c2fa-49a1-a444-9d5ec5583a75 Path:	4104	1		3	2	15	0	1760	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3208	3828	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:24 PM	fe3d87aa-a761-0004-f688-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): lwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9i ScriptBlock ID: 25ae473c-c2fa-49a1-a444-9d5ec5583a75 Path:	4104	1		3	2	15	0	1759	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3208	3828	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:24 PM	fe3d87aa-a761-0004-f688-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): GZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdH ScriptBlock ID: 25ae473c-c2fa-49a1-a444-9d5ec5583a75 Path:	4104	1		3	2	15	0	1758	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3208	3828	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:24 PM	fe3d87aa-a761-0004-f688-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): VlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzI ScriptBlock ID: 25ae473c-c2fa-49a1-a444-9d5ec5583a75 Path:	4104	1		3	2	15	0	1757	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3208	3828	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:24 PM	fe3d87aa-a761-0004-f688-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5Gcm ScriptBlock ID: 25ae473c-c2fa-49a1-a444-9d5ec5583a75 Path:	4104	1		3	2	15	0	1756	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3208	3828	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:24 PM	fe3d87aa-a761-0004-f688-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1755	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3208	2980	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:24 PM	fe3d87aa-a761-0005-4989-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3208 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1754	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3208	4828	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:24 PM	fe3d87aa-a761-0005-4989-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1753	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3208	2980	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:24 PM	fe3d87aa-a761-0005-4989-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = fb611c86-a4ed-4b21-9381-e05a052ea2ec Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = a711d7f5-0506-4812-9b8f-068cbed9a285 Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 36 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1752	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4984	1480	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:23 PM	fe3d87aa-a761-0000-2389-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = fb611c86-a4ed-4b21-9381-e05a052ea2ec Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = a711d7f5-0506-4812-9b8f-068cbed9a285 Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1751	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4984	1480	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:22 PM	fe3d87aa-a761-0005-4589-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: c738afc8-102c-42e7-81e5-13cc50054770 Path:	4104	1		3	2	15	0	1750	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4984	4380	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:22 PM	fe3d87aa-a761-0002-2189-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: 6b588915-d65e-4d8f-af52-796c33798c43 Path:	4104	1		3	2	15	0	1749	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4984	4380	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:22 PM	fe3d87aa-a761-0002-1d89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; ScriptBlock ID: 6b588915-d65e-4d8f-af52-796c33798c43 Path:	4104	1		3	2	15	0	1748	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4984	4380	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:22 PM	fe3d87aa-a761-0002-1d89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 34c24a8b-dd15-45cf-8b70-fe43870ce501 Path:	4104	1		3	2	15	0	1747	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4984	4380	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:22 PM	fe3d87aa-a761-0002-1989-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: ab2cef0b-0af4-44b3-a6f7-7e643d9a9251 Path:	4104	1		3	2	15	0	1746	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4984	4380	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:21 PM	fe3d87aa-a761-0002-0a89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (9 of 9): "_ansible_socket": null, "_ansible_check_mode": false, "get_checksum": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\log\\neutron-hyperv-agent.log", "get_md5": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: de784482-210c-4df0-9a90-bcabf871628a Path:	4104	1		3	2	15	0	1745	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4984	4380	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:21 PM	fe3d87aa-a761-0002-0489-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (8 of 9): XVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_stat", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", ScriptBlock ID: de784482-210c-4df0-9a90-bcabf871628a Path:	4104	1		3	2	15	0	1744	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4984	4380	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:21 PM	fe3d87aa-a761-0002-0489-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 9): 2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUp ScriptBlock ID: de784482-210c-4df0-9a90-bcabf871628a Path:	4104	1		3	2	15	0	1743	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4984	4380	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:21 PM	fe3d87aa-a761-0002-0489-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 9): ZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc ScriptBlock ID: de784482-210c-4df0-9a90-bcabf871628a Path:	4104	1		3	2	15	0	1742	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4984	4380	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:21 PM	fe3d87aa-a761-0002-0489-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 9): CBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpbmtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5a ScriptBlock ID: de784482-210c-4df0-9a90-bcabf871628a Path:	4104	1		3	2	15	0	1741	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4984	4380	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:21 PM	fe3d87aa-a761-0002-0489-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 9): 5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgI ScriptBlock ID: de784482-210c-4df0-9a90-bcabf871628a Path:	4104	1		3	2	15	0	1740	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4984	4380	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:21 PM	fe3d87aa-a761-0002-0489-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 9): gICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE ScriptBlock ID: de784482-210c-4df0-9a90-bcabf871628a Path:	4104	1		3	2	15	0	1739	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4984	4380	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:21 PM	fe3d87aa-a761-0002-0489-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 9): ICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwuUHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICA ScriptBlock ID: de784482-210c-4df0-9a90-bcabf871628a Path:	4104	1		3	2	15	0	1738	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4984	4380	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:21 PM	fe3d87aa-a761-0002-0489-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 9): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAg ScriptBlock ID: de784482-210c-4df0-9a90-bcabf871628a Path:	4104	1		3	2	15	0	1737	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4984	4380	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:21 PM	fe3d87aa-a761-0002-0489-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1736	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4984	3260	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:21 PM	fe3d87aa-a761-0004-eb88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4984 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1735	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4984	4016	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:21 PM	fe3d87aa-a761-0004-eb88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1734	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4984	3260	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:21 PM	fe3d87aa-a761-0004-eb88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1733	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2068	2252	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:19 PM	fe3d87aa-a761-0004-e388-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2068 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1732	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2068	4616	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:19 PM	fe3d87aa-a761-0004-e388-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1731	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2068	2252	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:19 PM	fe3d87aa-a761-0004-e388-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = e2919275-c542-4368-a7d8-74e8e15ad41d Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = dcffbe7b-ab50-46eb-9e05-438019897467 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1730	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	544	1788	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:19 PM	fe3d87aa-a761-0001-3a89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 38fa97df-df50-42c4-b840-ea414eb1da0f Path:	4104	1		3	2	15	0	1729	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	544	1224	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:18 PM	fe3d87aa-a761-0005-2489-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 44a5857a-19aa-4da5-8780-232b3ab5ac48 Path:	4104	1		3	2	15	0	1728	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	544	1224	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:18 PM	fe3d87aa-a761-0005-1d89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: f68bd6e6-13b3-4086-8db6-67e83f7460b2 Path:	4104	1		3	2	15	0	1727	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	544	1224	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:18 PM	fe3d87aa-a761-0005-0e89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 6): t $output } ScriptBlock ID: 111790df-d7e1-4d1c-9c83-28966bbb300b Path:	4104	1		3	2	15	0	1726	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	544	1224	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:18 PM	fe3d87aa-a761-0005-0889-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 6): 1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Get-Service nova-compute | %{$_.Status}", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Outpu ScriptBlock ID: 111790df-d7e1-4d1c-9c83-28966bbb300b Path:	4104	1		3	2	15	0	1725	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	544	1224	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:18 PM	fe3d87aa-a761-0005-0889-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 6): XNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW ScriptBlock ID: 111790df-d7e1-4d1c-9c83-28966bbb300b Path:	4104	1		3	2	15	0	1724	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	544	1224	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:18 PM	fe3d87aa-a761-0005-0889-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 6): 0bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZ ScriptBlock ID: 111790df-d7e1-4d1c-9c83-28966bbb300b Path:	4104	1		3	2	15	0	1723	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	544	1224	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:18 PM	fe3d87aa-a761-0005-0889-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 6): gICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV9 ScriptBlock ID: 111790df-d7e1-4d1c-9c83-28966bbb300b Path:	4104	1		3	2	15	0	1722	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	544	1224	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:18 PM	fe3d87aa-a761-0005-0889-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 6): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICA ScriptBlock ID: 111790df-d7e1-4d1c-9c83-28966bbb300b Path:	4104	1		3	2	15	0	1721	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	544	1224	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:18 PM	fe3d87aa-a761-0005-0889-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1720	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	544	524	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:18 PM	fe3d87aa-a761-0003-8189-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 544 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1719	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	544	1132	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:18 PM	fe3d87aa-a761-0003-8189-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1718	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	544	524	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:18 PM	fe3d87aa-a761-0003-8189-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.Linq; using System.Runtime.InteropServices; using System.Security.Principal; using System.Text; namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = de286890-d42a-4747-8dbd-3e27467bcc5e Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 003fa766-c7a0-498b-a733-dc5997068184 Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 36 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1717	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	692	4152	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:17 PM	fe3d87aa-a761-0004-d388-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = de286890-d42a-4747-8dbd-3e27467bcc5e Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 003fa766-c7a0-498b-a733-dc5997068184 Pipeline ID = 8 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1716	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	692	4152	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:17 PM	fe3d87aa-a761-0004-d188-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: e8902fe5-49c1-487b-8cb8-fc646016bb39 Path:	4104	1		3	2	15	0	1715	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	692	4336	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:16 PM	fe3d87aa-a761-0002-cf88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): { IntPtr oldStatePtr = Marshal.AllocHGlobal(0); if (!NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, 0, oldStatePtr, out returnLength)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 122) // ERROR_INSUFFICIENT_BUFFER throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed to get old state size"); } // resize the oldStatePtr based on the length returned from Windows Marshal.FreeHGlobal(oldStatePtr); oldStatePtr = Marshal.AllocHGlobal((int)returnLength); try { bool res = NativeMethods.AdjustTokenPrivileges(hToken, disableAllPrivileges, newStatePtr, returnLength, oldStatePtr, out returnLength); int errCode = Marshal.GetLastWin32Error(); // even when res == true, ERROR_NOT_ALL_ASSIGNED may be set as the last error code if (!res || errCode != 0) throw new Win32Exception(errCode, "AdjustTokenPrivileges() failed"); // Marshal the oldStatePtr to the struct NativeHelpers.TOKEN_PRIVILEGES oldState = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(oldStatePtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); oldStatePrivileges = new NativeHelpers.LUID_AND_ATTRIBUTES[oldState.PrivilegeCount]; PtrToStructureArray(oldStatePrivileges, IntPtr.Add(oldStatePtr, Marshal.SizeOf(oldState.PrivilegeCount))); } finally { Marshal.FreeHGlobal(oldStatePtr); } } finally { NativeMethods.CloseHandle(hToken); } } finally { if (newStatePtr != IntPtr.Zero) Marshal.FreeHGlobal(newStatePtr); } return oldStatePrivileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => (bool?)p.Attributes.HasFlag(PrivilegeAttributes.Enabled)); } private static string GetPrivilegeName(NativeHelpers.LUID luid) { UInt32 nameLen = 0; NativeMethods.LookupPrivilegeName(null, ref luid, null, ref nameLen); StringBuilder name = new StringBuilder((int)(nameLen + 1)); if (!NativeMethods.LookupPrivilegeName(null, ref luid, name, ref nameLen)) throw new Win32Exception("LookupPrivilegeName() failed"); return name.ToString(); } private static void PtrToStructureArray<T>(T[] array, IntPtr ptr) { IntPtr ptrOffset = ptr; for (int i = 0; i < array.Length; i++, ptrOffset = IntPtr.Add(ptrOffset, Marshal.SizeOf(typeof(T)))) array[i] = (T)Marshal.PtrToStructure(ptrOffset, typeof(T)); } private static int StructureToBytes<T>(T structure, byte[] array, int offset) { int size = Marshal.SizeOf(structure); IntPtr structPtr = Marshal.AllocHGlobal(size); try { Marshal.StructureToPtr(structure, structPtr, false); Marshal.Copy(structPtr, array, offset, size); } finally { Marshal.FreeHGlobal(structPtr); } return size; } } } '@ Function Import-PrivilegeUtil { <# .SYNOPSIS Compiles the C# code that can be used to manage Windows privileges from an Ansible module. Once this function is called, the following PowerShell cmdlets can be used; Get-AnsiblePrivilege Set-AnsiblePrivilege The above cmdlets give the ability to manage permissions on the current process token but the underlying .NET classes are also exposed for greater control. The following functions can be used by calling the .NET class [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($name) [Ansible.PrivilegeUtil.Privileges]::DisablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::DisableAllPrivileges($process) [Ansible.PrivilegeUtil.Privileges]::EnablePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process) [Ansible.PrivilegeUtil.Privileges]::RemovePrivilege($process, $name) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process, $new_state) Here is a brief explanation of each type of arg $process = The process handle to manipulate, use '[Ansible.PrivilegeUtils.Privileges]::GetCurrentProcess()' to get the current process handle $name = The name of the privilege, this is the constant value from https://docs.microsoft.com/en-us/windows/desktop/SecAuthZ/privilege-constants, e.g. SeAuditPrivilege $new_state = 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' The key is the constant name as a string, the value is a ternary boolean where true - will enable the privilege false - will disable the privilege null - will remove the privilege Each method that changes the privilege state will return a dictionary that can be used as the $new_state arg of SetTokenPrivileges to undo and revert back to the original state. If you remove a privilege then this is irreversible and won't be part of the returned dict #> [CmdletBinding()] # build the C# code to compile $namespace_import = ($ansible_privilege_util_namespaces | ForEach-Object { "using $_;" }) -join "`r`n" $platform_util = "$namespace_import`r`n`r`n$ansible_privilege_util_code" # FUTURE: find a better way to get the _ansible_remote_tmp variable # this is used to force csc to compile the C# code in the remote tmp # specified $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $platform_util $env:TMP = $original_tmp } Function Get-AnsiblePrivilege { <# .SYNOPSIS Get the status of a privilege for the current process. This returns $true - the privilege is enabled $false - the privilege is disabled $null - the privilege is removed from the token If Name is not a valid privilege name, this will throw an ArgumentException. .EXAMPLE Get-AnsiblePrivilege -Name SeDebugPrivilege #> [CmdletBinding()] param( [Parameter(Mandatory=$true)][String]$Name ) if (-not [Ansible.PrivilegeUtil.Privileges]::CheckPrivilegeName($Name)) { throw [System.ArgumentException] "Invalid privilege name '$Name'" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() $privilege_info = [Ansible.PrivilegeUtil.Privileges]::GetAllPrivilegeInfo($process_token) if ($privilege_info.ContainsKey($Name)) { $status = $privilege_info.$Name return $status.HasFlag([Ansible.PrivilegeUtil.PrivilegeAttributes]::Enabled) } else { return $null } } Function Set-AnsiblePrivilege { <# .SYNOPSIS Enables/Disables a privilege on the current process' token. If a privilege has been removed from the process token, this will throw an InvalidOperationException. .EXAMPLE # enable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $true # disable a privilege Set-AnsiblePrivilege -Name SeCreateSymbolicLinkPrivilege -Value $false #> [CmdletBinding(SupportsShouldProcess)] param( [Parameter(Mandatory=$true)][String]$Name, [Parameter(Mandatory=$true)][bool]$Value ) $action = switch($Value) { $true { "Enable" } $false { "Disable" } } $current_state = Get-AnsiblePrivilege -Name $Name if ($current_state -eq $Value) { return # no change needs to occur } elseif ($null -eq $current_state) { # once a privilege is removed from a token we cannot do anything with it throw [System.InvalidOperationException] "Cannot $($action.ToLower()) the privilege '$Name' as it has been removed from the token" } $process_token = [Ansible.PrivilegeUtil.Privileges]::GetCurrentProcess() if ($PSCmdlet.ShouldProcess($Name, "$action the privilege $Name")) { $new_state = New-Object -TypeName 'System.Collections.Generic.Dictionary`2[[System.String], [System.Nullable`1[System.Boolean]]]' $new_state.Add($Name, $Value) [Ansible.PrivilegeUtil.Privileges]::SetTokenPrivileges($process_token, $new_state) > $null } } Export-ModuleMember -Function Import-PrivilegeUtil, Get-AnsiblePrivilege, Set-AnsiblePrivilege ` -Variable ansible_privilege_util_namespaces, ansible_privilege_util_code ScriptBlock ID: bf144a8d-3c3f-4e03-a649-370e40358725 Path:	4104	1		3	2	15	0	1714	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	692	4336	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:16 PM	fe3d87aa-a761-0002-cb88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): # Copyright (c) 2018 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) # store in separate variables to make it easier for other module_utils to # share this code in their own c# code $ansible_privilege_util_namespaces = @( "Microsoft.Win32.SafeHandles", "System", "System.Collections.Generic", "System.Linq", "System.Runtime.InteropServices", "System.Security.Principal", "System.Text" ) $ansible_privilege_util_code = @' namespace Ansible.PrivilegeUtil { [Flags] public enum PrivilegeAttributes : uint { Disabled = 0x00000000, EnabledByDefault = 0x00000001, Enabled = 0x00000002, Removed = 0x00000004, UsedForAccess = 0x80000000, } internal class NativeHelpers { [StructLayout(LayoutKind.Sequential)] internal struct LUID { public UInt32 LowPart; public Int32 HighPart; } [StructLayout(LayoutKind.Sequential)] internal struct LUID_AND_ATTRIBUTES { public LUID Luid; public PrivilegeAttributes Attributes; } [StructLayout(LayoutKind.Sequential)] internal struct TOKEN_PRIVILEGES { public UInt32 PrivilegeCount; [MarshalAs(UnmanagedType.ByValArray, SizeConst = 1)] public LUID_AND_ATTRIBUTES[] Privileges; } } internal class NativeMethods { [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool AdjustTokenPrivileges( IntPtr TokenHandle, [MarshalAs(UnmanagedType.Bool)] bool DisableAllPrivileges, IntPtr NewState, UInt32 BufferLength, IntPtr PreviousState, out UInt32 ReturnLength); [DllImport("kernel32.dll")] internal static extern bool CloseHandle( IntPtr hObject); [DllImport("kernel32")] internal static extern SafeWaitHandle GetCurrentProcess(); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool GetTokenInformation( IntPtr TokenHandle, UInt32 TokenInformationClass, IntPtr TokenInformation, UInt32 TokenInformationLength, out UInt32 ReturnLength); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeName( string lpSystemName, ref NativeHelpers.LUID lpLuid, StringBuilder lpName, ref UInt32 cchName); [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)] internal static extern bool LookupPrivilegeValue( string lpSystemName, string lpName, out NativeHelpers.LUID lpLuid); [DllImport("advapi32.dll", SetLastError = true)] internal static extern bool OpenProcessToken( SafeHandle ProcessHandle, TokenAccessLevels DesiredAccess, out IntPtr TokenHandle); } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class Privileges { private static readonly UInt32 TOKEN_PRIVILEGES = 3; public static bool CheckPrivilegeName(string name) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, name, out luid)) { int errCode = Marshal.GetLastWin32Error(); if (errCode != 1313) // ERROR_NO_SUCH_PRIVILEGE throw new Win32Exception(errCode, String.Format("LookupPrivilegeValue({0}) failed", name)); return false; } else { return true; } } public static Dictionary<string, bool?> DisablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, false } }); } public static Dictionary<string, bool?> DisableAllPrivileges(SafeHandle token) { return AdjustTokenPrivileges(token, null); } public static Dictionary<string, bool?> EnablePrivilege(SafeHandle token, string privilege) { return SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, true } }); } public static Dictionary<String, PrivilegeAttributes> GetAllPrivilegeInfo(SafeHandle token) { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query, out hToken)) throw new Win32Exception("OpenProcessToken() failed"); Dictionary<String, PrivilegeAttributes> info = new Dictionary<String, PrivilegeAttributes>(); try { UInt32 tokenLength = 0; NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, IntPtr.Zero, 0, out tokenLength); NativeHelpers.LUID_AND_ATTRIBUTES[] privileges; IntPtr privilegesPtr = Marshal.AllocHGlobal((int)tokenLength); try { if (!NativeMethods.GetTokenInformation(hToken, TOKEN_PRIVILEGES, privilegesPtr, tokenLength, out tokenLength)) throw new Win32Exception("GetTokenInformation() for TOKEN_PRIVILEGES failed"); NativeHelpers.TOKEN_PRIVILEGES privilegeInfo = (NativeHelpers.TOKEN_PRIVILEGES)Marshal.PtrToStructure(privilegesPtr, typeof(NativeHelpers.TOKEN_PRIVILEGES)); privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[privilegeInfo.PrivilegeCount]; PtrToStructureArray(privileges, IntPtr.Add(privilegesPtr, Marshal.SizeOf(privilegeInfo.PrivilegeCount))); } finally { Marshal.FreeHGlobal(privilegesPtr); } info = privileges.ToDictionary(p => GetPrivilegeName(p.Luid), p => p.Attributes); } finally { NativeMethods.CloseHandle(hToken); } return info; } public static SafeWaitHandle GetCurrentProcess() { return NativeMethods.GetCurrentProcess(); } public static void RemovePrivilege(SafeHandle token, string privilege) { SetTokenPrivileges(token, new Dictionary<string, bool?>() { { privilege, null } }); } public static Dictionary<string, bool?> SetTokenPrivileges(SafeHandle token, Dictionary<string, bool?> state) { NativeHelpers.LUID_AND_ATTRIBUTES[] privilegeAttr = new NativeHelpers.LUID_AND_ATTRIBUTES[state.Count]; int i = 0; foreach (KeyValuePair<string, bool?> entry in state) { NativeHelpers.LUID luid; if (!NativeMethods.LookupPrivilegeValue(null, entry.Key, out luid)) throw new Win32Exception(String.Format("LookupPrivilegeValue({0}) failed", entry.Key)); PrivilegeAttributes attributes; switch (entry.Value) { case true: attributes = PrivilegeAttributes.Enabled; break; case false: attributes = PrivilegeAttributes.Disabled; break; default: attributes = PrivilegeAttributes.Removed; break; } privilegeAttr[i].Luid = luid; privilegeAttr[i].Attributes = attributes; i++; } return AdjustTokenPrivileges(token, privilegeAttr); } private static Dictionary<string, bool?> AdjustTokenPrivileges(SafeHandle token, NativeHelpers.LUID_AND_ATTRIBUTES[] newState) { bool disableAllPrivileges; IntPtr newStatePtr; NativeHelpers.LUID_AND_ATTRIBUTES[] oldStatePrivileges; UInt32 returnLength; if (newState == null) { disableAllPrivileges = true; newStatePtr = IntPtr.Zero; } else { disableAllPrivileges = false; // Need to manually marshal the bytes requires for newState as the constant size // of LUID_AND_ATTRIBUTES is set to 1 and can't be overridden at runtime, TOKEN_PRIVILEGES // always contains at least 1 entry so we need to calculate the extra size if there are // nore than 1 LUID_AND_ATTRIBUTES entry int tokenPrivilegesSize = Marshal.SizeOf(typeof(NativeHelpers.TOKEN_PRIVILEGES)); int luidAttrSize = 0; if (newState.Length > 1) luidAttrSize = Marshal.SizeOf(typeof(NativeHelpers.LUID_AND_ATTRIBUTES)) * (newState.Length - 1); int totalSize = tokenPrivilegesSize + luidAttrSize; byte[] newStateBytes = new byte[totalSize]; // get the first entry that includes the struct details NativeHelpers.TOKEN_PRIVILEGES tokenPrivileges = new NativeHelpers.TOKEN_PRIVILEGES() { PrivilegeCount = (UInt32)newState.Length, Privileges = new NativeHelpers.LUID_AND_ATTRIBUTES[1], }; if (newState.Length > 0) tokenPrivileges.Privileges[0] = newState[0]; int offset = StructureToBytes(tokenPrivileges, newStateBytes, 0); // copy the remaining LUID_AND_ATTRIBUTES (if any) for (int i = 1; i < newState.Length; i++) offset += StructureToBytes(newState[i], newStateBytes, offset); // finally create the pointer to the byte array we just created newStatePtr = Marshal.AllocHGlobal(newStateBytes.Length); Marshal.Copy(newStateBytes, 0, newStatePtr, newStateBytes.Length); } try { IntPtr hToken = IntPtr.Zero; if (!NativeMethods.OpenProcessToken(token, TokenAccessLevels.Query | TokenAccessLevels.AdjustPrivileges, out hToken)) throw new Win32Exception("OpenProcessToken() failed with Query and AdjustPrivileges"); try ScriptBlock ID: bf144a8d-3c3f-4e03-a649-370e40358725 Path:	4104	1		3	2	15	0	1713	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	692	4336	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:16 PM	fe3d87aa-a761-0002-cb88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) #Requires -Module Ansible.ModuleUtils.PrivilegeUtil Function Load-LinkUtils() { $link_util = @' using Microsoft.Win32.SafeHandles; using System; using System.Collections.Generic; using System.IO; using System.Runtime.InteropServices; using System.Text; namespace Ansible { public enum LinkType { SymbolicLink, JunctionPoint, HardLink } public class LinkUtilWin32Exception : System.ComponentModel.Win32Exception { private string _msg; public LinkUtilWin32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public LinkUtilWin32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator LinkUtilWin32Exception(string message) { return new LinkUtilWin32Exception(message); } } public class LinkInfo { public LinkType Type { get; internal set; } public string PrintName { get; internal set; } public string SubstituteName { get; internal set; } public string AbsolutePath { get; internal set; } public string TargetPath { get; internal set; } public string[] HardTargets { get; internal set; } } [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] public struct REPARSE_DATA_BUFFER { public UInt32 ReparseTag; public UInt16 ReparseDataLength; public UInt16 Reserved; public UInt16 SubstituteNameOffset; public UInt16 SubstituteNameLength; public UInt16 PrintNameOffset; public UInt16 PrintNameLength; [MarshalAs(UnmanagedType.ByValArray, SizeConst = LinkUtil.MAXIMUM_REPARSE_DATA_BUFFER_SIZE)] public char[] PathBuffer; } public class LinkUtil { public const int MAXIMUM_REPARSE_DATA_BUFFER_SIZE = 1024 * 16; private const UInt32 FILE_FLAG_BACKUP_SEMANTICS = 0x02000000; private const UInt32 FILE_FLAG_OPEN_REPARSE_POINT = 0x00200000; private const UInt32 FSCTL_GET_REPARSE_POINT = 0x000900A8; private const UInt32 FSCTL_SET_REPARSE_POINT = 0x000900A4; private const UInt32 FILE_DEVICE_FILE_SYSTEM = 0x00090000; private const UInt32 IO_REPARSE_TAG_MOUNT_POINT = 0xA0000003; private const UInt32 IO_REPARSE_TAG_SYMLINK = 0xA000000C; private const UInt32 SYMLINK_FLAG_RELATIVE = 0x00000001; private const Int64 INVALID_HANDLE_VALUE = -1; private const UInt32 SIZE_OF_WCHAR = 2; private const UInt32 SYMBOLIC_LINK_FLAG_FILE = 0x00000000; private const UInt32 SYMBOLIC_LINK_FLAG_DIRECTORY = 0x00000001; [DllImport("kernel32.dll", CharSet = CharSet.Auto)] private static extern SafeFileHandle CreateFile( string lpFileName, [MarshalAs(UnmanagedType.U4)] FileAccess dwDesiredAccess, [MarshalAs(UnmanagedType.U4)] FileShare dwShareMode, IntPtr lpSecurityAttributes, [MarshalAs(UnmanagedType.U4)] FileMode dwCreationDisposition, UInt32 dwFlagsAndAttributes, IntPtr hTemplateFile); // Used by GetReparsePointInfo() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, IntPtr lpInBuffer, UInt32 nInBufferSize, out REPARSE_DATA_BUFFER lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); // Used by CreateJunctionPoint() [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeviceIoControl( SafeFileHandle hDevice, UInt32 dwIoControlCode, REPARSE_DATA_BUFFER lpInBuffer, UInt32 nInBufferSize, IntPtr lpOutBuffer, UInt32 nOutBufferSize, out UInt32 lpBytesReturned, IntPtr lpOverlapped); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool GetVolumePathName( string lpszFileName, StringBuilder lpszVolumePathName, ref UInt32 cchBufferLength); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern IntPtr FindFirstFileNameW( string lpFileName, UInt32 dwFlags, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool FindNextFileNameW( IntPtr hFindStream, ref UInt32 StringLength, StringBuilder LinkName); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool FindClose( IntPtr hFindFile); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool RemoveDirectory( string lpPathName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool DeleteFile( string lpFileName); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateSymbolicLink( string lpSymlinkFileName, string lpTargetFileName, UInt32 dwFlags); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Auto)] private static extern bool CreateHardLink( string lpFileName, string lpExistingFileName, IntPtr lpSecurityAttributes); public static LinkInfo GetLinkInfo(string linkPath) { FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.ReparsePoint)) return GetReparsePointInfo(linkPath); if (!attr.HasFlag(FileAttributes.Directory)) return GetHardLinkInfo(linkPath); return null; } public static void DeleteLink(string linkPath) { bool success; FileAttributes attr = File.GetAttributes(linkPath); if (attr.HasFlag(FileAttributes.Directory)) { success = RemoveDirectory(linkPath); } else { success = DeleteFile(linkPath); } if (!success) throw new LinkUtilWin32Exception(String.Format("Failed to delete link at {0}", linkPath)); } public static void CreateLink(string linkPath, String linkTarget, LinkType linkType) { switch (linkType) { case LinkType.SymbolicLink: UInt32 linkFlags; FileAttributes attr = File.GetAttributes(linkTarget); if (attr.HasFlag(FileAttributes.Directory)) linkFlags = SYMBOLIC_LINK_FLAG_DIRECTORY; else linkFlags = SYMBOLIC_LINK_FLAG_FILE; if (!CreateSymbolicLink(linkPath, linkTarget, linkFlags)) throw new LinkUtilWin32Exception(String.Format("CreateSymbolicLink({0}, {1}, {2}) failed", linkPath, linkTarget, linkFlags)); break; case LinkType.JunctionPoint: CreateJunctionPoint(linkPath, linkTarget); break; case LinkType.HardLink: if (!CreateHardLink(linkPath, linkTarget, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("CreateHardLink({0}, {1}) failed", linkPath, linkTarget)); break; } } private static LinkInfo GetHardLinkInfo(string linkPath) { UInt32 maxPath = 260; List<string> result = new List<string>(); StringBuilder sb = new StringBuilder((int)maxPath); UInt32 stringLength = maxPath; if (!GetVolumePathName(linkPath, sb, ref stringLength)) throw new LinkUtilWin32Exception("GetVolumePathName() failed"); string volume = sb.ToString(); stringLength = maxPath; IntPtr findHandle = FindFirstFileNameW(linkPath, 0, ref stringLength, sb); if (findHandle.ToInt64() != INVALID_HANDLE_VALUE) { try { do { string hardLinkPath = sb.ToString(); if (hardLinkPath.StartsWith("\\")) hardLinkPath = hardLinkPath.Substring(1, hardLinkPath.Length - 1); result.Add(Path.Combine(volume, hardLinkPath)); stringLength = maxPath; } while (FindNextFileNameW(findHandle, ref stringLength, sb)); } finally { FindClose(findHandle); } } if (result.Count > 1) return new LinkInfo { Type = LinkType.HardLink, HardTargets = result.ToArray() }; return null; } private static LinkInfo GetReparsePointInfo(string linkPath) { SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Read, FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_OPEN_REPARSE_POINT | FILE_FLAG_BACKUP_SEMANTICS, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); UInt32 bytesReturned; try { if (!DeviceIoControl( fileHandle, FSCTL_GET_REPARSE_POINT, IntPtr.Zero, 0, out buffer, MAXIMUM_REPARSE_DATA_BUFFER_SIZE, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed for file at {0}", linkPath)); } finally { fileHandle.Dispose(); } bool isRelative = false; int pathOffset = 0; LinkType linkType; if (buffer.ReparseTag == IO_REPARSE_TAG_SYMLINK) { UInt32 bufferFlags = Convert.ToUInt32(buffer.PathBuffer[0]) + Convert.ToUInt32(buffer.PathBuffer[1]); if (bufferFlags == SYMLINK_FLAG_RELATIVE) isRelative = true; pathOffset = 2; linkType = LinkType.SymbolicLink; } else if (buffer.ReparseTag == IO_REPARSE_TAG_MOUNT_POINT) { linkType = LinkType.JunctionPoint; } else { string errorMessage = String.Format("Invalid Reparse Tag: {0}", buffer.ReparseTag.ToString()); throw new Exception(errorMessage); } string printName = new string(buffer.PathBuffer, (int)(buffer.PrintNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.PrintNameLength / SIZE_OF_WCHAR)); string substituteName = new string(buffer.PathBuffer, (int)(buffer.SubstituteNameOffset / SIZE_OF_WCHAR) + pathOffset, (int)(buffer.SubstituteNameLength / SIZE_OF_WCHAR)); // TODO: should we check for \?\UNC\server for convert it to the NT style \\server path // Remove the leading Windows object directory \?\ from the path if present string targetPath = substituteName; if (targetPath.StartsWith("\\??\\")) targetPath = targetPath.Substring(4, targetPath.Length - 4); string absolutePath = targetPath; if (isRelative) absolutePath = Path.GetFullPath(Path.Combine(new FileInfo(linkPath).Directory.FullName, targetPath)); return new LinkInfo { Type = linkType, PrintName = printName, SubstituteName = substituteName, AbsolutePath = absolutePath, TargetPath = targetPath }; } private static void CreateJunctionPoint(string linkPath, string linkTarget) { // We need to create the link as a dir beforehand Directory.CreateDirectory(linkPath); SafeFileHandle fileHandle = CreateFile( linkPath, FileAccess.Write, FileShare.Read | FileShare.Write | FileShare.None, IntPtr.Zero, FileMode.Open, FILE_FLAG_BACKUP_SEMANTICS | FILE_FLAG_OPEN_REPARSE_POINT, IntPtr.Zero); if (fileHandle.IsInvalid) throw new LinkUtilWin32Exception(String.Format("CreateFile({0}) failed", linkPath)); try { string substituteName = "\\??\\" + Path.GetFullPath(linkTarget); string printName = linkTarget; REPARSE_DATA_BUFFER buffer = new REPARSE_DATA_BUFFER(); buffer.SubstituteNameOffset = 0; buffer.SubstituteNameLength = (UInt16)(substituteName.Length * SIZE_OF_WCHAR); buffer.PrintNameOffset = (UInt16)(buffer.SubstituteNameLength + 2); buffer.PrintNameLength = (UInt16)(printName.Length * SIZE_OF_WCHAR); buffer.ReparseTag = IO_REPARSE_TAG_MOUNT_POINT; buffer.ReparseDataLength = (UInt16)(buffer.SubstituteNameLength + buffer.PrintNameLength + 12); buffer.PathBuffer = new char[MAXIMUM_REPARSE_DATA_BUFFER_SIZE]; byte[] unicodeBytes = Encoding.Unicode.GetBytes(substituteName + "\0" + printName); char[] pathBuffer = Encoding.Unicode.GetChars(unicodeBytes); Array.Copy(pathBuffer, buffer.PathBuffer, pathBuffer.Length); UInt32 bytesReturned; if (!DeviceIoControl( fileHandle, FSCTL_SET_REPARSE_POINT, buffer, (UInt32)(buffer.ReparseDataLength + 8), IntPtr.Zero, 0, out bytesReturned, IntPtr.Zero)) throw new LinkUtilWin32Exception(String.Format("DeviceIoControl() failed to create junction point at {0} to {1}", linkPath, linkTarget)); } finally { fileHandle.Dispose(); } } } } '@ # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $link_util $env:TMP = $original_tmp Import-PrivilegeUtil # enable the SeBackupPrivilege if it is disabled $state = Get-AnsiblePrivilege -Name SeBackupPrivilege if ($state -eq $false) { Set-AnsiblePrivilege -Name SeBackupPrivilege -Value $true } } Function Get-Link($link_path) { $link_info = [Ansible.LinkUtil]::GetLinkInfo($link_path) return $link_info } Function Remove-Link($link_path) { [Ansible.LinkUtil]::DeleteLink($link_path) } Function New-Link($link_path, $link_target, $link_type) { if (-not (Test-Path -Path $link_target)) { throw "link_target '$link_target' does not exist, cannot create link" } switch($link_type) { "link" { $type = [Ansible.LinkType]::SymbolicLink } "junction" { if (Test-Path -Path $link_target -PathType Leaf) { throw "cannot set the target for a junction point to a file" } $type = [Ansible.LinkType]::JunctionPoint } "hard" { if (Test-Path -Path $link_target -PathType Container) { throw "cannot set the target for a hard link to a directory" } $type = [Ansible.LinkType]::HardLink } default { throw "invalid link_type option $($link_type): expecting link, junction, hard" } } [Ansible.LinkUtil]::CreateLink($link_path, $link_target, $type) } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 1fb5524c-4e93-4b26-8f07-bcee265f2733 Path:	4104	1		3	2	15	0	1712	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	692	4336	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:16 PM	fe3d87aa-a761-0001-0c89-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: aaa801bb-eefd-4dd6-8389-9490e284a82d Path:	4104	1		3	2	15	0	1711	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	692	4336	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:16 PM	fe3d87aa-a761-0003-7289-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (7 of 7): LVRpbWVTcGFuIC1TdGFydCAkc3RhcnRfZGF0ZSAtRW5kICRlbmRfZGF0ZSkuVG90YWxTZWNvbmRzCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCgokcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJwYXRoIiAtdHlwZSAicGF0aCIgLWZhaWxpZmVtcHR5ICR0cnVlIC1hbGlhc2VzICJkZXN0IiwibmFtZSIKJGdldF9tZDUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2V0X21kNSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQokZ2V0X2NoZWNrc3VtID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImdldF9jaGVja3N1bSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCiRjaGVja3N1bV9hbGdvcml0aG0gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hlY2tzdW1fYWxnb3JpdGhtIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAic2hhMSIgLXZhbGlkYXRlc2V0ICJtZDUiLCJzaGExIiwic2hhMjU2Iiwic2hhMzg0Iiwic2hhNTEyIgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCiAgICBzdGF0ID0gQHsKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfQoKIyBnZXRfbWQ1IHdpbGwgYmUgYW4gdW5kb2N1bWVudGVkIG9wdGlvbiBpbiAyLjkgdG8gYmUgcmVtb3ZlZCBhdCBhIGxhdGVyCiMgZGF0ZSBpZiBwb3NzaWJsZSAoMy4wKykKaWYgKEdldC1NZW1iZXIgLWlucHV0b2JqZWN0ICRwYXJhbXMgLW5hbWUgImdldF9tZDUiKSB7CiAgICBBZGQtRGVwcmVhY3Rpb25XYXJuaW5nIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiZ2V0X21kNSBoYXMgYmVlbiBkZXByZWNhdGVkIGFsb25nIHdpdGggdGhlIG1kNSByZXR1cm4gdmFsdWUsIHVzZSBnZXRfY2hlY2tzdW09VHJ1ZSBhbmQgY2hlY2tzdW1fYWxnb3JpdGhtPW1kNSBpbnN0ZWFkIiAtdmVyc2lvbiAyLjkKfQoKJGluZm8gPSBHZXQtQW5zaWJsZUl0ZW0gLVBhdGggJHBhdGggLUVycm9yQWN0aW9uIFNpbGVudGx5Q29udGludWUKSWYgKCRpbmZvIC1uZSAkbnVsbCkgewogICAgJGVwb2NoX2RhdGUgPSBHZXQtRGF0ZSAtRGF0ZSAiMDEvMDEvMTk3MCIKICAgICRhdHRyaWJ1dGVzID0gQCgpCiAgICBmb3JlYWNoICgkYXR0cmlidXRlIGluICgkaW5mby5BdHRyaWJ1dGVzIC1zcGxpdCAnLCcpKSB7CiAgICAgICAgJGF0dHJpYnV0ZXMgKz0gJGF0dHJpYnV0ZS5UcmltKCkKICAgIH0KCiAgICAjIGRlZmF1bHQgdmFsdWVzIHRoYXQgYXJlIGFsd2F5cyBzZXQsIHNwZWNpZmljIHZhbHVlcyBhcmUgc2V0IGJlbG93IHRoaXMKICAgICMgYnV0IGFyZSBrZXB0IGNvbW1lbnRlZCBmb3IgZWFzaWVyIHJlYWRhYmlsaXR5CiAgICAkc3RhdCA9IEB7CiAgICAgICAgZXhpc3RzID0gJHRydWUKICAgICAgICBhdHRyaWJ1dGVzID0gJGluZm8uQXR0cmlidXRlcy5Ub1N0cmluZygpCiAgICAgICAgaXNhcmNoaXZlID0gKCRhdHRyaWJ1dGVzIC1jb250YWlucyAiQXJjaGl2ZSIpCiAgICAgICAgaXNkaXIgPSAkZmFsc2UKICAgICAgICBpc2hpZGRlbiA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIkhpZGRlbiIpCiAgICAgICAgaXNqdW5jdGlvbiA9ICRmYWxzZQogICAgICAgIGlzbG5rID0gJGZhbHNlCiAgICAgICAgaXNyZWFkb25seSA9ICgkYXR0cmlidXRlcyAtY29udGFpbnMgIlJlYWRPbmx5IikKICAgICAgICBpc3JlZyA9ICRmYWxzZQogICAgICAgIGlzc2hhcmVkID0gJGZhbHNlCiAgICAgICAgbmxpbmsgPSAxICAjIE51bWJlciBvZiBsaW5rcyB0byB0aGUgZmlsZSAoaGFyZCBsaW5rcyksIG92ZXJyaWRlbiBiZWxvdyBpZiBpc2xuawogICAgICAgICMgbG5rX3RhcmdldCA9IGlzbG5rIG9yIGlzanVuY3Rpb24gVGFyZ2V0IG9mIHRoZSBzeW1saW5rLiBOb3RlIHRoYXQgcmVsYXRpdmUgcGF0aHMgcmVtYWluIHJlbGF0aXZlCiAgICAgICAgIyBsbmtfc291cmNlID0gaXNsbmsgb3MgaXNqdW5jdGlvbiBUYXJnZXQgb2YgdGhlIHN5bWxpbmsgbm9ybWFsaXplZCBmb3IgdGhlIHJlbW90ZSBmaWxlc3lzdGVtCiAgICAgICAgaGxua190YXJnZXRzID0gQCgpCiAgICAgICAgY3JlYXRpb250aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkNyZWF0aW9uVGltZSkKICAgICAgICBsYXN0YWNjZXNzdGltZSA9IChEYXRlVG8tVGltZXN0YW1wIC1zdGFydF9kYXRlICRlcG9jaF9kYXRlIC1lbmRfZGF0ZSAkaW5mby5MYXN0QWNjZXNzVGltZSkKICAgICAgICBsYXN0d3JpdGV0aW1lID0gKERhdGVUby1UaW1lc3RhbXAgLXN0YXJ0X2RhdGUgJGVwb2NoX2RhdGUgLWVuZF9kYXRlICRpbmZvLkxhc3RXcml0ZVRpbWUpCiAgICAgICAgIyBzaXplID0gYSBmaWxlIGFuZCBkaXJlY3RvcnkgLSBjYWxjdWxhdGVkIGJlbG93CiAgICAgICAgcGF0aCA9ICRpbmZvLkZ1bGxOYW1lCiAgICAgICAgZmlsZW5hbWUgPSAkaW5mby5OYW1lCiAgICAgICAgIyBleHRlbnNpb24gPSBhIGZpbGUKICAgICAgICAjIG93bmVyID0gc2V0IG91dHNpdGUgdGhpcyBkaWN0IGluIGNhc2UgaXQgZmFpbHMKICAgICAgICAjIHNoYXJlbmFtZSA9IGEgZGlyZWN0b3J5IGFuZCBpc3NoYXJlZCBpcyBUcnVlCiAgICAgICAgIyBjaGVja3N1bSA9IGEgZmlsZSBhbmQgZ2V0X2NoZWNrc3VtOiBUcnVlCiAgICAgICAgIyBtZDUgPSBhIGZpbGUgYW5kIGdldF9tZDU6IFRydWUKICAgIH0KICAgICRzdGF0Lm93bmVyID0gJGluZm8uR2V0QWNjZXNzQ29udHJvbCgpLk93bmVyCgogICAgIyB2YWx1ZXMgdGhhdCBhcmUgc2V0IGFjY29yZGluZyB0byB0aGUgdHlwZSBvZiBmaWxlCiAgICBpZiAoJGluZm8uQXR0cmlidXRlcy5IYXNGbGFnKFtTeXN0ZW0uSU8uRmlsZUF0dHJpYnV0ZXNdOjpEaXJlY3RvcnkpKSB7CiAgICAgICAgJHN0YXQuaXNkaXIgPSAkdHJ1ZQogICAgICAgICRzaGFyZV9pbmZvID0gR2V0LVdtaU9iamVjdCAtQ2xhc3MgV2luMzJfU2hhcmUgLUZpbHRlciAiUGF0aD0nJCgkc3RhdC5wYXRoIC1yZXBsYWNlICdcXCcsICdcXCcpJyIKICAgICAgICBpZiAoJHNoYXJlX2luZm8gLW5lICRudWxsKSB7CiAgICAgICAgICAgICRzdGF0Lmlzc2hhcmVkID0gJHRydWUKICAgICAgICAgICAgJHN0YXQuc2hhcmVuYW1lID0gJHNoYXJlX2luZm8uTmFtZQogICAgICAgIH0KCiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHNpemUgPSAwCiAgICAgICAgICAgIGZvcmVhY2ggKCRmaWxlIGluICRpbmZvLkVudW1lcmF0ZUZpbGVzKCIqIiwgW1N5c3RlbS5JTy5TZWFyY2hPcHRpb25dOjpBbGxEaXJlY3RvcmllcykpIHsKICAgICAgICAgICAgICAgICRzaXplICs9ICRmaWxlLkxlbmd0aAogICAgICAgICAgICB9CiAgICAgICAgICAgICRzdGF0LnNpemUgPSAkc2l6ZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICAkc3RhdC5zaXplID0gMAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHN0YXQuZXh0ZW5zaW9uID0gJGluZm8uRXh0ZW5zaW9uCiAgICAgICAgJHN0YXQuaXNyZWcgPSAkdHJ1ZQogICAgICAgICRzdGF0LnNpemUgPSAkaW5mby5MZW5ndGgKCiAgICAgICAgaWYgKCRnZXRfbWQ1KSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3RhdC5tZDUgPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gIm1kNSIKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gZ2V0IE1ENSBoYXNoIG9mIGZpbGUsIHJlbW92ZSBnZXRfbWQ1IHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgICAgICBpZiAoJGdldF9jaGVja3N1bSkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgJHN0YXQuY2hlY2tzdW0gPSBHZXQtRmlsZUNoZWNrc3VtIC1wYXRoICRwYXRoIC1hbGdvcml0aG0gJGNoZWNrc3VtX2FsZ29yaXRobQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBnZXQgaGFzaCBvZiBmaWxlLCBzZXQgZ2V0X2NoZWNrc3VtIHRvIEZhbHNlIHRvIGlnbm9yZSB0aGlzIGVycm9yOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAjIEdldCBzeW1ib2xpYyBsaW5rLCBqdW5jdGlvbiBwb2ludCwgaGFyZCBsaW5rIGluZm8KICAgIExvYWQtTGlua1V0aWxzCiAgICB0cnkgewogICAgICAgICRsaW5rX2luZm8gPSBHZXQtTGluayAtbGlua19wYXRoICRpbmZvLkZ1bGxOYW1lCiAgICB9IGNhdGNoIHsKICAgICAgICBBZGQtV2FybmluZyAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBjaGVjay9nZXQgbGluayBpbmZvIGZvciBmaWxlOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KICAgIGlmICgkbGlua19pbmZvIC1uZSAkbnVsbCkgewogICAgICAgIHN3aXRjaCAoJGxpbmtfaW5mby5UeXBlKSB7CiAgICAgICAgICAgICJTeW1ib2xpY0xpbmsiIHsKICAgICAgICAgICAgICAgICRzdGF0LmlzbG5rID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJKdW5jdGlvblBvaW50IiB7CiAgICAgICAgICAgICAgICAkc3RhdC5pc2p1bmN0aW9uID0gJHRydWUKICAgICAgICAgICAgICAgICRzdGF0LmlzcmVnID0gJGZhbHNlCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfdGFyZ2V0ID0gJGxpbmtfaW5mby5UYXJnZXRQYXRoCiAgICAgICAgICAgICAgICAkc3RhdC5sbmtfc291cmNlID0gJGxpbmtfaW5mby5BYnNvbHV0ZVBhdGggICAgICAgICAgICAgICAgCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgICAgICJIYXJkTGluayIgewogICAgICAgICAgICAgICAgJHN0YXQubG5rX3R5cGUgPSAiaGFyZCIKICAgICAgICAgICAgICAgICRzdGF0Lm5saW5rID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cy5Db3VudAoKICAgICAgICAgICAgICAgICMgcmVtb3ZlIGN1cnJlbnQgcGF0aCBmcm9tIHRoZSB0YXJnZXRzCiAgICAgICAgICAgICAgICAkaGxua190YXJnZXRzID0gJGxpbmtfaW5mby5IYXJkVGFyZ2V0cyB8IFdoZXJlLU9iamVjdCB7ICRfIC1uZSAkc3RhdC5wYXRoIH0KICAgICAgICAgICAgICAgICRzdGF0LmhsbmtfdGFyZ2V0cyA9IEAoJGhsbmtfdGFyZ2V0cykKICAgICAgICAgICAgICAgIGJyZWFrCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgJHJlc3VsdC5zdGF0ID0gJHN0YXQKfQoKRXhpdC1Kc29uICRyZXN1bHQK", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_stat", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_check_mode": false, "get_checksum": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\log\\nova-compute.log", "get_md5": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: c813086e-ca10-4877-998f-e5a2f7af172d Path:	4104	1		3	2	15	0	1710	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	692	4336	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:15 PM	fe3d87aa-a761-0001-fb88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 7): AgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5GaWxlVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxpbmtVdGlsCgpmdW5jdGlvbiBEYXRlVG8tVGltZXN0YW1wKCRzdGFydF9kYXRlLCAkZW5kX2RhdGUpIHsKICAgIGlmICgkc3RhcnRfZGF0ZSAtYW5kICRlbmRfZGF0ZSkgewogICAgICAgIHJldHVybiAoTmV3 ScriptBlock ID: c813086e-ca10-4877-998f-e5a2f7af172d Path:	4104	1		3	2	15	0	1709	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	692	4336	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:15 PM	fe3d87aa-a761-0001-fb88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 7): mtUYXJnZXQ7CgogICAgICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICAgICAgYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0ID0gMDsKICAgICAgICAgICAgICAgIGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCA9IChVSW50MTYpKHN1YnN0aXR1dGVOYW1lLkxlbmd0aCAqIFNJWkVfT0ZfV0NIQVIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZU9mZnNldCA9IChVSW50MTYpKGJ1ZmZlci5TdWJzdGl0dXRlTmFtZUxlbmd0aCArIDIpOwogICAgICAgICAgICAgICAgYnVmZmVyLlByaW50TmFtZUxlbmd0aCA9IChVSW50MTYpKHByaW50TmFtZS5MZW5ndGggKiBTSVpFX09GX1dDSEFSKTsKCiAgICAgICAgICAgICAgICBidWZmZXIuUmVwYXJzZVRhZyA9IElPX1JFUEFSU0VfVEFHX01PVU5UX1BPSU5UOwogICAgICAgICAgICAgICAgYnVmZmVyLlJlcGFyc2VEYXRhTGVuZ3RoID0gKFVJbnQxNikoYnVmZmVyLlN1YnN0aXR1dGVOYW1lTGVuZ3RoICsgYnVmZmVyLlByaW50TmFtZUxlbmd0aCArIDEyKTsKICAgICAgICAgICAgICAgIGJ1ZmZlci5QYXRoQnVmZmVyID0gbmV3IGNoYXJbTUFYSU1VTV9SRVBBUlNFX0RBVEFfQlVGRkVSX1NJWkVdOwoKICAgICAgICAgICAgICAgIGJ5dGVbXSB1bmljb2RlQnl0ZXMgPSBFbmNvZGluZy5Vbmljb2RlLkdldEJ5dGVzKHN1YnN0aXR1dGVOYW1lICsgIlwwIiArIHByaW50TmFtZSk7CiAgICAgICAgICAgICAgICBjaGFyW10gcGF0aEJ1ZmZlciA9IEVuY29kaW5nLlVuaWNvZGUuR2V0Q2hhcnModW5pY29kZUJ5dGVzKTsKICAgICAgICAgICAgICAgIEFycmF5LkNvcHkocGF0aEJ1ZmZlciwgYnVmZmVyLlBhdGhCdWZmZXIsIHBhdGhCdWZmZXIuTGVuZ3RoKTsKCiAgICAgICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIChVSW50MzIpKGJ1ZmZlci5SZXBhcnNlRGF0YUxlbmd0aCArIDgpLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLCAwLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgdG8gY3JlYXRlIGp1bmN0aW9uIHBvaW50IGF0IHswfSB0byB7MX0iLCBsaW5rUGF0aCwgbGlua1RhcmdldCkpOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZmlsZUhhbmRsZS5EaXNwb3NlKCk7CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9Cn0KJ0AKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRsaW5rX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAoKICAgIEltcG9ydC1Qcml2aWxlZ2VVdGlsCiAgICAjIGVuYWJsZSB0aGUgU2VCYWNrdXBQcml2aWxlZ2UgaWYgaXQgaXMgZGlzYWJsZWQKICAgICRzdGF0ZSA9IEdldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQmFja3VwUHJpdmlsZWdlCiAgICBpZiAoJHN0YXRlIC1lcSAkZmFsc2UpIHsKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZSAtTmFtZSBTZUJhY2t1cFByaXZpbGVnZSAtVmFsdWUgJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUxpbmsoJGxpbmtfcGF0aCkgewogICAgJGxpbmtfaW5mbyA9IFtBbnNpYmxlLkxpbmtVdGlsXTo6R2V0TGlua0luZm8oJGxpbmtfcGF0aCkKICAgIHJldHVybiAkbGlua19pbmZvCn0KCkZ1bmN0aW9uIFJlbW92ZS1MaW5rKCRsaW5rX3BhdGgpIHsKICAgIFtBbnNpYmxlLkxpbmtVdGlsXTo6RGVsZXRlTGluaygkbGlua19wYXRoKQp9CgpGdW5jdGlvbiBOZXctTGluaygkbGlua19wYXRoLCAkbGlua190YXJnZXQsICRsaW5rX3R5cGUpIHsKICAgIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0KSkgewogICAgICAgIHRocm93ICJsaW5rX3RhcmdldCAnJGxpbmtfdGFyZ2V0JyBkb2VzIG5vdCBleGlzdCwgY2Fubm90IGNyZWF0ZSBsaW5rIgogICAgfQogICAgCiAgICBzd2l0Y2goJGxpbmtfdHlwZSkgewogICAgICAgICJsaW5rIiB7CiAgICAgICAgICAgICR0eXBlID0gW0Fuc2libGUuTGlua1R5cGVdOjpTeW1ib2xpY0xpbmsKICAgICAgICB9CiAgICAgICAgImp1bmN0aW9uIiB7CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGxpbmtfdGFyZ2V0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGp1bmN0aW9uIHBvaW50IHRvIGEgZmlsZSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SnVuY3Rpb25Qb2ludAogICAgICAgIH0KICAgICAgICAiaGFyZCIgewogICAgICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRsaW5rX3RhcmdldCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgICAgICB0aHJvdyAiY2Fubm90IHNldCB0aGUgdGFyZ2V0IGZvciBhIGhhcmQgbGluayB0byBhIGRpcmVjdG9yeSIKICAgICAgICAgICAgfQogICAgICAgICAgICAkdHlwZSA9IFtBbnNpYmxlLkxpbmtUeXBlXTo6SGFyZExpbmsKICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIGxpbmtfdHlwZSBvcHRpb24gJCgkbGlua190eXBlKTogZXhwZWN0aW5nIGxpbmssIGp1bmN0aW9uLCBoYXJkIiB9CiAgICB9CiAgICBbQW5zaWJsZS5MaW5rVXRpbF06OkNyZWF0ZUxpbmsoJGxpbmtfcGF0aCwgJGxpbmtfdGFyZ2V0LCAkdHlwZSkKfQoKIyB0aGlzIGxpbmUgbXVzdCBzdGF5IGF0IHRoZSBib3R0b20gdG8gZW5zdXJlIGFsbCBkZWZpbmVkIG1vZHVsZSBwYXJ0cyBhcmUgZXhwb3J0ZWQKRXhwb3J0LU1vZHVsZU1lbWJlciAtQWxpYXMgKiAtRnVuY3Rpb24gKiAtQ21kbGV0ICoK", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgIC ScriptBlock ID: c813086e-ca10-4877-998f-e5a2f7af172d Path:	4104	1		3	2	15	0	1708	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	692	4336	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:15 PM	fe3d87aa-a761-0001-fb88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 7): 5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBHZXRWb2x1bWVQYXRoTmFtZSgKICAgICAgICAgICAgc3RyaW5nIGxwc3pGaWxlTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscHN6Vm9sdW1lUGF0aE5hbWUsCiAgICAgICAgICAgIHJlZiBVSW50MzIgY2NoQnVmZmVyTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIEludFB0ciBGaW5kRmlyc3RGaWxlTmFtZVcoCiAgICAgICAgICAgIHN0cmluZyBscEZpbGVOYW1lLAogICAgICAgICAgICBVSW50MzIgZHdGbGFncywKICAgICAgICAgICAgcmVmIFVJbnQzMiBTdHJpbmdMZW5ndGgsCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgTGlua05hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBGaW5kTmV4dEZpbGVOYW1lVygKICAgICAgICAgICAgSW50UHRyIGhGaW5kU3RyZWFtLAogICAgICAgICAgICByZWYgVUludDMyIFN0cmluZ0xlbmd0aCwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBMaW5rTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEZpbmRDbG9zZSgKICAgICAgICAgICAgSW50UHRyIGhGaW5kRmlsZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIFJlbW92ZURpcmVjdG9yeSgKICAgICAgICAgICAgc3RyaW5nIGxwUGF0aE5hbWUpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBEZWxldGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIENyZWF0ZVN5bWJvbGljTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwU3ltbGlua0ZpbGVOYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBUYXJnZXRGaWxlTmFtZSwKICAgICAgICAgICAgVUludDMyIGR3RmxhZ3MpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC5BdXRvKV0KICAgICAgICBwcml2YXRlIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVIYXJkTGluaygKICAgICAgICAgICAgc3RyaW5nIGxwRmlsZU5hbWUsCiAgICAgICAgICAgIHN0cmluZyBscEV4aXN0aW5nRmlsZU5hbWUsCiAgICAgICAgICAgIEludFB0ciBscFNlY3VyaXR5QXR0cmlidXRlcyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgTGlua0luZm8gR2V0TGlua0luZm8oc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rUGF0aCk7CiAgICAgICAgICAgIGlmIChhdHRyLkhhc0ZsYWcoRmlsZUF0dHJpYnV0ZXMuUmVwYXJzZVBvaW50KSkKICAgICAgICAgICAgICAgIHJldHVybiBHZXRSZXBhcnNlUG9pbnRJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIGlmICghYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICByZXR1cm4gR2V0SGFyZExpbmtJbmZvKGxpbmtQYXRoKTsKCiAgICAgICAgICAgIHJldHVybiBudWxsOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyB2b2lkIERlbGV0ZUxpbmsoc3RyaW5nIGxpbmtQYXRoKQogICAgICAgIHsKICAgICAgICAgICAgYm9vbCBzdWNjZXNzOwogICAgICAgICAgICBGaWxlQXR0cmlidXRlcyBhdHRyID0gRmlsZS5HZXRBdHRyaWJ1dGVzKGxpbmtQYXRoKTsKICAgICAgICAgICAgaWYgKGF0dHIuSGFzRmxhZyhGaWxlQXR0cmlidXRlcy5EaXJlY3RvcnkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzdWNjZXNzID0gUmVtb3ZlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIHN1Y2Nlc3MgPSBEZWxldGVGaWxlKGxpbmtQYXRoKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgaWYgKCFzdWNjZXNzKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiRmFpbGVkIHRvIGRlbGV0ZSBsaW5rIGF0IHswfSIsIGxpbmtQYXRoKSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgQ3JlYXRlTGluayhzdHJpbmcgbGlua1BhdGgsIFN0cmluZyBsaW5rVGFyZ2V0LCBMaW5rVHlwZSBsaW5rVHlwZSkKICAgICAgICB7CiAgICAgICAgICAgIHN3aXRjaCAobGlua1R5cGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGNhc2UgTGlua1R5cGUuU3ltYm9saWNMaW5rOgogICAgICAgICAgICAgICAgICAgIFVJbnQzMiBsaW5rRmxhZ3M7CiAgICAgICAgICAgICAgICAgICAgRmlsZUF0dHJpYnV0ZXMgYXR0ciA9IEZpbGUuR2V0QXR0cmlidXRlcyhsaW5rVGFyZ2V0KTsKICAgICAgICAgICAgICAgICAgICBpZiAoYXR0ci5IYXNGbGFnKEZpbGVBdHRyaWJ1dGVzLkRpcmVjdG9yeSkpCiAgICAgICAgICAgICAgICAgICAgICAgIGxpbmtGbGFncyA9IFNZTUJPTElDX0xJTktfRkxBR19ESVJFQ1RPUlk7CiAgICAgICAgICAgICAgICAgICAgZWxzZQogICAgICAgICAgICAgICAgICAgICAgICBsaW5rRmxhZ3MgPSBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRTsKCiAgICAgICAgICAgICAgICAgICAgaWYgKCFDcmVhdGVTeW1ib2xpY0xpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIGxpbmtGbGFncykpCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZVN5bWJvbGljTGluayh7MH0sIHsxfSwgezJ9KSBmYWlsZWQiLCBsaW5rUGF0aCwgbGlua1RhcmdldCwgbGlua0ZsYWdzKSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkp1bmN0aW9uUG9pbnQ6CiAgICAgICAgICAgICAgICAgICAgQ3JlYXRlSnVuY3Rpb25Qb2ludChsaW5rUGF0aCwgbGlua1RhcmdldCk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICBjYXNlIExpbmtUeXBlLkhhcmRMaW5rOgogICAgICAgICAgICAgICAgICAgIGlmICghQ3JlYXRlSGFyZExpbmsobGlua1BhdGgsIGxpbmtUYXJnZXQsIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlSGFyZExpbmsoezB9LCB7MX0pIGZhaWxlZCIsIGxpbmtQYXRoLCBsaW5rVGFyZ2V0KSk7CiAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgIH0KICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIExpbmtJbmZvIEdldEhhcmRMaW5rSW5mbyhzdHJpbmcgbGlua1BhdGgpCiAgICAgICAgewogICAgICAgICAgICBVSW50MzIgbWF4UGF0aCA9IDI2MDsKICAgICAgICAgICAgTGlzdDxzdHJpbmc+IHJlc3VsdCA9IG5ldyBMaXN0PHN0cmluZz4oKTsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgc2IgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KW1heFBhdGgpOwogICAgICAgICAgICBVSW50MzIgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgaWYgKCFHZXRWb2x1bWVQYXRoTmFtZShsaW5rUGF0aCwgc2IsIHJlZiBzdHJpbmdMZW5ndGgpKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oIkdldFZvbHVtZVBhdGhOYW1lKCkgZmFpbGVkIik7CiAgICAgICAgICAgIHN0cmluZyB2b2x1bWUgPSBzYi5Ub1N0cmluZygpOwoKICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKICAgICAgICAgICAgSW50UHRyIGZpbmRIYW5kbGUgPSBGaW5kRmlyc3RGaWxlTmFtZVcobGlua1BhdGgsIDAsIHJlZiBzdHJpbmdMZW5ndGgsIHNiKTsKICAgICAgICAgICAgaWYgKGZpbmRIYW5kbGUuVG9JbnQ2NCgpICE9IElOVkFMSURfSEFORExFX1ZBTFVFKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBkbwogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nIGhhcmRMaW5rUGF0aCA9IHNiLlRvU3RyaW5nKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChoYXJkTGlua1BhdGguU3RhcnRzV2l0aCgiXFwiKSkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGhhcmRMaW5rUGF0aCA9IGhhcmRMaW5rUGF0aC5TdWJzdHJpbmcoMSwgaGFyZExpbmtQYXRoLkxlbmd0aCAtIDEpOwoKICAgICAgICAgICAgICAgICAgICAgICAgcmVzdWx0LkFkZChQYXRoLkNvbWJpbmUodm9sdW1lLCBoYXJkTGlua1BhdGgpKTsKICAgICAgICAgICAgICAgICAgICAgICAgc3RyaW5nTGVuZ3RoID0gbWF4UGF0aDsKCiAgICAgICAgICAgICAgICAgICAgfSB3aGlsZSAoRmluZE5leHRGaWxlTmFtZVcoZmluZEhhbmRsZSwgcmVmIHN0cmluZ0xlbmd0aCwgc2IpKTsKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBGaW5kQ2xvc2UoZmluZEhhbmRsZSk7CiAgICAgICAgICAgICAgICB9ICAgICAgICAgICAgICAgIAogICAgICAgICAgICB9CgogICAgICAgICAgICBpZiAocmVzdWx0LkNvdW50ID4gMSkKICAgICAgICAgICAgICAgIHJldHVybiBuZXcgTGlua0luZm8KICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBUeXBlID0gTGlua1R5cGUuSGFyZExpbmssCiAgICAgICAgICAgICAgICAgICAgSGFyZFRhcmdldHMgPSByZXN1bHQuVG9BcnJheSgpCiAgICAgICAgICAgICAgICB9OwoKICAgICAgICAgICAgcmV0dXJuIG51bGw7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBMaW5rSW5mbyBHZXRSZXBhcnNlUG9pbnRJbmZvKHN0cmluZyBsaW5rUGF0aCkKICAgICAgICB7CiAgICAgICAgICAgIFNhZmVGaWxlSGFuZGxlIGZpbGVIYW5kbGUgPSBDcmVhdGVGaWxlKAogICAgICAgICAgICAgICAgbGlua1BhdGgsCiAgICAgICAgICAgICAgICBGaWxlQWNjZXNzLlJlYWQsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuTm9uZSwKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgRmlsZU1vZGUuT3BlbiwKICAgICAgICAgICAgICAgIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgfCBGSUxFX0ZMQUdfQkFDS1VQX1NFTUFOVElDUywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKTsKCiAgICAgICAgICAgIGlmIChmaWxlSGFuZGxlLklzSW52YWxpZCkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKFN0cmluZy5Gb3JtYXQoIkNyZWF0ZUZpbGUoezB9KSBmYWlsZWQiLCBsaW5rUGF0aCkpOyAgICAgICAgICAgIAoKICAgICAgICAgICAgUkVQQVJTRV9EQVRBX0JVRkZFUiBidWZmZXIgPSBuZXcgUkVQQVJTRV9EQVRBX0JVRkZFUigpOwogICAgICAgICAgICBVSW50MzIgYnl0ZXNSZXR1cm5lZDsKICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGlmICghRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUsCiAgICAgICAgICAgICAgICAgICAgRlNDVExfR0VUX1JFUEFSU0VfUE9JTlQsCiAgICAgICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICAgICAgMCwKICAgICAgICAgICAgICAgICAgICBvdXQgYnVmZmVyLAogICAgICAgICAgICAgICAgICAgIE1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFLAogICAgICAgICAgICAgICAgICAgIG91dCBieXRlc1JldHVybmVkLAogICAgICAgICAgICAgICAgICAgIEludFB0ci5aZXJvKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJEZXZpY2VJb0NvbnRyb2woKSBmYWlsZWQgZm9yIGZpbGUgYXQgezB9IiwgbGlua1BhdGgpKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIGZpbGVIYW5kbGUuRGlzcG9zZSgpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBib29sIGlzUmVsYXRpdmUgPSBmYWxzZTsKICAgICAgICAgICAgaW50IHBhdGhPZmZzZXQgPSAwOwogICAgICAgICAgICBMaW5rVHlwZSBsaW5rVHlwZTsKICAgICAgICAgICAgaWYgKGJ1ZmZlci5SZXBhcnNlVGFnID09IElPX1JFUEFSU0VfVEFHX1NZTUxJTkspCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFVJbnQzMiBidWZmZXJGbGFncyA9IENvbnZlcnQuVG9VSW50MzIoYnVmZmVyLlBhdGhCdWZmZXJbMF0pICsgQ29udmVydC5Ub1VJbnQzMihidWZmZXIuUGF0aEJ1ZmZlclsxXSk7CiAgICAgICAgICAgICAgICBpZiAoYnVmZmVyRmxhZ3MgPT0gU1lNTElOS19GTEFHX1JFTEFUSVZFKQogICAgICAgICAgICAgICAgICAgIGlzUmVsYXRpdmUgPSB0cnVlOwogICAgICAgICAgICAgICAgcGF0aE9mZnNldCA9IDI7CiAgICAgICAgICAgICAgICBsaW5rVHlwZSA9IExpbmtUeXBlLlN5bWJvbGljTGluazsKICAgICAgICAgICAgfQogICAgICAgICAgICBlbHNlIGlmIChidWZmZXIuUmVwYXJzZVRhZyA9PSBJT19SRVBBUlNFX1RBR19NT1VOVF9QT0lOVCkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgbGlua1R5cGUgPSBMaW5rVHlwZS5KdW5jdGlvblBvaW50OwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIGVycm9yTWVzc2FnZSA9IFN0cmluZy5Gb3JtYXQoIkludmFsaWQgUmVwYXJzZSBUYWc6IHswfSIsIGJ1ZmZlci5SZXBhcnNlVGFnLlRvU3RyaW5nKCkpOwogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEV4Y2VwdGlvbihlcnJvck1lc3NhZ2UpOwogICAgICAgICAgICB9CgogICAgICAgICAgICBzdHJpbmcgcHJpbnROYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlByaW50TmFtZU9mZnNldCAvIFNJWkVfT0ZfV0NIQVIpICsgcGF0aE9mZnNldCwgKGludCkoYnVmZmVyLlByaW50TmFtZUxlbmd0aCAvIFNJWkVfT0ZfV0NIQVIpKTsKICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gbmV3IHN0cmluZyhidWZmZXIuUGF0aEJ1ZmZlciwgKGludCkoYnVmZmVyLlN1YnN0aXR1dGVOYW1lT2Zmc2V0IC8gU0laRV9PRl9XQ0hBUikgKyBwYXRoT2Zmc2V0LCAoaW50KShidWZmZXIuU3Vic3RpdHV0ZU5hbWVMZW5ndGggLyBTSVpFX09GX1dDSEFSKSk7CgogICAgICAgICAgICAvLyBUT0RPOiBzaG91bGQgd2UgY2hlY2sgZm9yIFw/XFVOQ1xzZXJ2ZXIgZm9yIGNvbnZlcnQgaXQgdG8gdGhlIE5UIHN0eWxlIFxcc2VydmVyIHBhdGgKICAgICAgICAgICAgLy8gUmVtb3ZlIHRoZSBsZWFkaW5nIFdpbmRvd3Mgb2JqZWN0IGRpcmVjdG9yeSBcP1wgZnJvbSB0aGUgcGF0aCBpZiBwcmVzZW50CiAgICAgICAgICAgIHN0cmluZyB0YXJnZXRQYXRoID0gc3Vic3RpdHV0ZU5hbWU7CiAgICAgICAgICAgIGlmICh0YXJnZXRQYXRoLlN0YXJ0c1dpdGgoIlxcPz9cXCIpKQogICAgICAgICAgICAgICAgdGFyZ2V0UGF0aCA9IHRhcmdldFBhdGguU3Vic3RyaW5nKDQsIHRhcmdldFBhdGguTGVuZ3RoIC0gNCk7CgogICAgICAgICAgICBzdHJpbmcgYWJzb2x1dGVQYXRoID0gdGFyZ2V0UGF0aDsKICAgICAgICAgICAgaWYgKGlzUmVsYXRpdmUpCiAgICAgICAgICAgICAgICBhYnNvbHV0ZVBhdGggPSBQYXRoLkdldEZ1bGxQYXRoKFBhdGguQ29tYmluZShuZXcgRmlsZUluZm8obGlua1BhdGgpLkRpcmVjdG9yeS5GdWxsTmFtZSwgdGFyZ2V0UGF0aCkpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBMaW5rSW5mbwogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBUeXBlID0gbGlua1R5cGUsCiAgICAgICAgICAgICAgICBQcmludE5hbWUgPSBwcmludE5hbWUsCiAgICAgICAgICAgICAgICBTdWJzdGl0dXRlTmFtZSA9IHN1YnN0aXR1dGVOYW1lLAogICAgICAgICAgICAgICAgQWJzb2x1dGVQYXRoID0gYWJzb2x1dGVQYXRoLAogICAgICAgICAgICAgICAgVGFyZ2V0UGF0aCA9IHRhcmdldFBhdGgKICAgICAgICAgICAgfTsKICAgICAgICB9CgogICAgICAgIHByaXZhdGUgc3RhdGljIHZvaWQgQ3JlYXRlSnVuY3Rpb25Qb2ludChzdHJpbmcgbGlua1BhdGgsIHN0cmluZyBsaW5rVGFyZ2V0KQogICAgICAgIHsKICAgICAgICAgICAgLy8gV2UgbmVlZCB0byBjcmVhdGUgdGhlIGxpbmsgYXMgYSBkaXIgYmVmb3JlaGFuZAogICAgICAgICAgICBEaXJlY3RvcnkuQ3JlYXRlRGlyZWN0b3J5KGxpbmtQYXRoKTsKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgZmlsZUhhbmRsZSA9IENyZWF0ZUZpbGUoCiAgICAgICAgICAgICAgICBsaW5rUGF0aCwKICAgICAgICAgICAgICAgIEZpbGVBY2Nlc3MuV3JpdGUsCiAgICAgICAgICAgICAgICBGaWxlU2hhcmUuUmVhZCB8IEZpbGVTaGFyZS5Xcml0ZSB8IEZpbGVTaGFyZS5Ob25lLAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8sCiAgICAgICAgICAgICAgICBGaWxlTW9kZS5PcGVuLAogICAgICAgICAgICAgICAgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgfCBGSUxFX0ZMQUdfT1BFTl9SRVBBUlNFX1BPSU5ULAogICAgICAgICAgICAgICAgSW50UHRyLlplcm8pOwoKICAgICAgICAgICAgaWYgKGZpbGVIYW5kbGUuSXNJbnZhbGlkKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IExpbmtVdGlsV2luMzJFeGNlcHRpb24oU3RyaW5nLkZvcm1hdCgiQ3JlYXRlRmlsZSh7MH0pIGZhaWxlZCIsIGxpbmtQYXRoKSk7CgogICAgICAgICAgICB0cnkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc3RyaW5nIHN1YnN0aXR1dGVOYW1lID0gIlxcPz9cXCIgKyBQYXRoLkdldEZ1bGxQYXRoKGxpbmtUYXJnZXQpOwogICAgICAgICAgICAgICAgc3RyaW5nIHByaW50TmFtZSA9IGxpb ScriptBlock ID: c813086e-ca10-4877-998f-e5a2f7af172d Path:	4104	1		3	2	15	0	1707	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	692	4336	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:15 PM	fe3d87aa-a761-0001-fb88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 7): pbGVnZXNdOjpFbmFibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2VzcykKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OlJlbW92ZVByaXZpbGVnZSgkcHJvY2VzcywgJG5hbWUpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3MsICRuZXdfc3RhdGUpCgogICAgSGVyZSBpcyBhIGJyaWVmIGV4cGxhbmF0aW9uIG9mIGVhY2ggdHlwZSBvZiBhcmcKICAgICRwcm9jZXNzID0gVGhlIHByb2Nlc3MgaGFuZGxlIHRvIG1hbmlwdWxhdGUsIHVzZSAnW0Fuc2libGUuUHJpdmlsZWdlVXRpbHMuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCknIHRvIGdldCB0aGUgY3VycmVudCBwcm9jZXNzIGhhbmRsZQogICAgJG5hbWUgPSBUaGUgbmFtZSBvZiB0aGUgcHJpdmlsZWdlLCB0aGlzIGlzIHRoZSBjb25zdGFudCB2YWx1ZSBmcm9tIGh0dHBzOi8vZG9jcy5taWNyb3NvZnQuY29tL2VuLXVzL3dpbmRvd3MvZGVza3RvcC9TZWNBdXRoWi9wcml2aWxlZ2UtY29uc3RhbnRzLCBlLmcuIFNlQXVkaXRQcml2aWxlZ2UKICAgICRuZXdfc3RhdGUgPSAnU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nXSwgW1N5c3RlbS5OdWxsYWJsZWAxW1N5c3RlbS5Cb29sZWFuXV1dJwogICAgICAgIFRoZSBrZXkgaXMgdGhlIGNvbnN0YW50IG5hbWUgYXMgYSBzdHJpbmcsIHRoZSB2YWx1ZSBpcyBhIHRlcm5hcnkgYm9vbGVhbiB3aGVyZQogICAgICAgICAgICB0cnVlIC0gd2lsbCBlbmFibGUgdGhlIHByaXZpbGVnZQogICAgICAgICAgICBmYWxzZSAtIHdpbGwgZGlzYWJsZSB0aGUgcHJpdmlsZWdlCiAgICAgICAgICAgIG51bGwgLSB3aWxsIHJlbW92ZSB0aGUgcHJpdmlsZWdlCgogICAgRWFjaCBtZXRob2QgdGhhdCBjaGFuZ2VzIHRoZSBwcml2aWxlZ2Ugc3RhdGUgd2lsbCByZXR1cm4gYSBkaWN0aW9uYXJ5IHRoYXQKICAgIGNhbiBiZSB1c2VkIGFzIHRoZSAkbmV3X3N0YXRlIGFyZyBvZiBTZXRUb2tlblByaXZpbGVnZXMgdG8gdW5kbyBhbmQgcmV2ZXJ0CiAgICBiYWNrIHRvIHRoZSBvcmlnaW5hbCBzdGF0ZS4gSWYgeW91IHJlbW92ZSBhIHByaXZpbGVnZSB0aGVuIHRoaXMgaXMKICAgIGlycmV2ZXJzaWJsZSBhbmQgd29uJ3QgYmUgcGFydCBvZiB0aGUgcmV0dXJuZWQgZGljdAogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICAjIGJ1aWxkIHRoZSBDIyBjb2RlIHRvIGNvbXBpbGUKICAgICRuYW1lc3BhY2VfaW1wb3J0ID0gKCRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX25hbWVzcGFjZXMgfCBGb3JFYWNoLU9iamVjdCB7ICJ1c2luZyAkXzsiIH0pIC1qb2luICJgcmBuIgogICAgJHBsYXRmb3JtX3V0aWwgPSAiJG5hbWVzcGFjZV9pbXBvcnRgcmBuYHJgbiRhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGUiCgogICAgIyBGVVRVUkU6IGZpbmQgYSBiZXR0ZXIgd2F5IHRvIGdldCB0aGUgX2Fuc2libGVfcmVtb3RlX3RtcCB2YXJpYWJsZQogICAgIyB0aGlzIGlzIHVzZWQgdG8gZm9yY2UgY3NjIHRvIGNvbXBpbGUgdGhlIEMjIGNvZGUgaW4gdGhlIHJlbW90ZSB0bXAKICAgICMgc3BlY2lmaWVkCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwbGF0Zm9ybV91dGlsCiAgICAkZW52OlRNUCA9ICRvcmlnaW5hbF90bXAKfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQcml2aWxlZ2UgewogICAgPCMKICAgIC5TWU5PUFNJUwogICAgR2V0IHRoZSBzdGF0dXMgb2YgYSBwcml2aWxlZ2UgZm9yIHRoZSBjdXJyZW50IHByb2Nlc3MuIFRoaXMgcmV0dXJucwogICAgICAgICR0cnVlIC0gdGhlIHByaXZpbGVnZSBpcyBlbmFibGVkCiAgICAgICAgJGZhbHNlIC0gdGhlIHByaXZpbGVnZSBpcyBkaXNhYmxlZAogICAgICAgICRudWxsIC0gdGhlIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gdGhlIHRva2VuCgogICAgSWYgTmFtZSBpcyBub3QgYSB2YWxpZCBwcml2aWxlZ2UgbmFtZSwgdGhpcyB3aWxsIHRocm93IGFuCiAgICBBcmd1bWVudEV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VEZWJ1Z1ByaXZpbGVnZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKCldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZQogICAgKQoKICAgIGlmICgtbm90IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkTmFtZSkpIHsKICAgICAgICB0aHJvdyBbU3lzdGVtLkFyZ3VtZW50RXhjZXB0aW9uXSAiSW52YWxpZCBwcml2aWxlZ2UgbmFtZSAnJE5hbWUnIgogICAgfQoKICAgICRwcm9jZXNzX3Rva2VuID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0Q3VycmVudFByb2Nlc3MoKQogICAgJHByaXZpbGVnZV9pbmZvID0gW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6R2V0QWxsUHJpdmlsZWdlSW5mbygkcHJvY2Vzc190b2tlbikKICAgIGlmICgkcHJpdmlsZWdlX2luZm8uQ29udGFpbnNLZXkoJE5hbWUpKSB7CiAgICAgICAgJHN0YXR1cyA9ICRwcml2aWxlZ2VfaW5mby4kTmFtZQogICAgICAgIHJldHVybiAkc3RhdHVzLkhhc0ZsYWcoW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VBdHRyaWJ1dGVzXTo6RW5hYmxlZCkKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRudWxsCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1BbnNpYmxlUHJpdmlsZWdlIHsKICAgIDwjCiAgICAuU1lOT1BTSVMKICAgIEVuYWJsZXMvRGlzYWJsZXMgYSBwcml2aWxlZ2Ugb24gdGhlIGN1cnJlbnQgcHJvY2VzcycgdG9rZW4uIElmIGEgcHJpdmlsZWdlCiAgICBoYXMgYmVlbiByZW1vdmVkIGZyb20gdGhlIHByb2Nlc3MgdG9rZW4sIHRoaXMgd2lsbCB0aHJvdyBhbgogICAgSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbi4KCiAgICAuRVhBTVBMRQogICAgIyBlbmFibGUgYSBwcml2aWxlZ2UKICAgIFNldC1BbnNpYmxlUHJpdmlsZWdlIC1OYW1lIFNlQ3JlYXRlU3ltYm9saWNMaW5rUHJpdmlsZWdlIC1WYWx1ZSAkdHJ1ZQoKICAgICMgZGlzYWJsZSBhIHByaXZpbGVnZQogICAgU2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgU2VDcmVhdGVTeW1ib2xpY0xpbmtQcml2aWxlZ2UgLVZhbHVlICRmYWxzZQogICAgIz4KICAgIFtDbWRsZXRCaW5kaW5nKFN1cHBvcnRzU2hvdWxkUHJvY2VzcyldCiAgICBwYXJhbSgKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW1N0cmluZ10kTmFtZSwKICAgICAgICBbUGFyYW1ldGVyKE1hbmRhdG9yeT0kdHJ1ZSldW2Jvb2xdJFZhbHVlCiAgICApCgogICAgJGFjdGlvbiA9IHN3aXRjaCgkVmFsdWUpIHsKICAgICAgICAkdHJ1ZSB7ICJFbmFibGUiIH0KICAgICAgICAkZmFsc2UgeyAiRGlzYWJsZSIgfQogICAgfQoKICAgICRjdXJyZW50X3N0YXRlID0gR2V0LUFuc2libGVQcml2aWxlZ2UgLU5hbWUgJE5hbWUKICAgIGlmICgkY3VycmVudF9zdGF0ZSAtZXEgJFZhbHVlKSB7CiAgICAgICAgcmV0dXJuICAjIG5vIGNoYW5nZSBuZWVkcyB0byBvY2N1cgogICAgfSBlbHNlaWYgKCRudWxsIC1lcSAkY3VycmVudF9zdGF0ZSkgewogICAgICAgICMgb25jZSBhIHByaXZpbGVnZSBpcyByZW1vdmVkIGZyb20gYSB0b2tlbiB3ZSBjYW5ub3QgZG8gYW55dGhpbmcgd2l0aCBpdAogICAgICAgIHRocm93IFtTeXN0ZW0uSW52YWxpZE9wZXJhdGlvbkV4Y2VwdGlvbl0gIkNhbm5vdCAkKCRhY3Rpb24uVG9Mb3dlcigpKSB0aGUgcHJpdmlsZWdlICckTmFtZScgYXMgaXQgaGFzIGJlZW4gcmVtb3ZlZCBmcm9tIHRoZSB0b2tlbiIKICAgIH0KCiAgICAkcHJvY2Vzc190b2tlbiA9IFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkdldEN1cnJlbnRQcm9jZXNzKCkKICAgIGlmICgkUFNDbWRsZXQuU2hvdWxkUHJvY2VzcygkTmFtZSwgIiRhY3Rpb24gdGhlIHByaXZpbGVnZSAkTmFtZSIpKSB7CiAgICAgICAgJG5ld19zdGF0ZSA9IE5ldy1PYmplY3QgLVR5cGVOYW1lICdTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmddLCBbU3lzdGVtLk51bGxhYmxlYDFbU3lzdGVtLkJvb2xlYW5dXV0nCiAgICAgICAgJG5ld19zdGF0ZS5BZGQoJE5hbWUsICRWYWx1ZSkKICAgICAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZpbGVnZXNdOjpTZXRUb2tlblByaXZpbGVnZXMoJHByb2Nlc3NfdG9rZW4sICRuZXdfc3RhdGUpID4gJG51bGwKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gSW1wb3J0LVByaXZpbGVnZVV0aWwsIEdldC1BbnNpYmxlUHJpdmlsZWdlLCBTZXQtQW5zaWJsZVByaXZpbGVnZSBgCiAgICAtVmFyaWFibGUgYW5zaWJsZV9wcml2aWxlZ2VfdXRpbF9uYW1lc3BhY2VzLCBhbnNpYmxlX3ByaXZpbGVnZV91dGlsX2NvZGU=", "Ansible.ModuleUtils.LinkUtil": "ICMgQ29weXJpZ2h0IChjKSAyMDE3IEFuc2libGUgUHJvamVjdAogIyBTaW1wbGlmaWVkIEJTRCBMaWNlbnNlIChzZWUgbGljZW5zZXMvc2ltcGxpZmllZF9ic2QudHh0IG9yIGh0dHBzOi8vb3BlbnNvdXJjZS5vcmcvbGljZW5zZXMvQlNELTItQ2xhdXNlKQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Qcml2aWxlZ2VVdGlsCgpGdW5jdGlvbiBMb2FkLUxpbmtVdGlscygpIHsKICAgICRsaW5rX3V0aWwgPSBAJwp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWM7CnVzaW5nIFN5c3RlbS5JTzsKdXNpbmcgU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzOwp1c2luZyBTeXN0ZW0uVGV4dDsKCm5hbWVzcGFjZSBBbnNpYmxlCnsKICAgIHB1YmxpYyBlbnVtIExpbmtUeXBlCiAgICB7CiAgICAgICAgU3ltYm9saWNMaW5rLAogICAgICAgIEp1bmN0aW9uUG9pbnQsCiAgICAgICAgSGFyZExpbmsKICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CgogICAgICAgIHB1YmxpYyBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIExpbmtVdGlsV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgb3ZlcnJpZGUgc3RyaW5nIE1lc3NhZ2UgeyBnZXQgeyByZXR1cm4gX21zZzsgfSB9CiAgICAgICAgcHVibGljIHN0YXRpYyBleHBsaWNpdCBvcGVyYXRvciBMaW5rVXRpbFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgTGlua1V0aWxXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBMaW5rSW5mbwogICAgewogICAgICAgIHB1YmxpYyBMaW5rVHlwZSBUeXBlIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICBwdWJsaWMgc3RyaW5nIFByaW50TmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBTdWJzdGl0dXRlTmFtZSB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZyBBYnNvbHV0ZVBhdGggeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIHB1YmxpYyBzdHJpbmcgVGFyZ2V0UGF0aCB7IGdldDsgaW50ZXJuYWwgc2V0OyB9CiAgICAgICAgcHVibGljIHN0cmluZ1tdIEhhcmRUYXJnZXRzIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgIH0KCiAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICBwdWJsaWMgc3RydWN0IFJFUEFSU0VfREFUQV9CVUZGRVIKICAgIHsKICAgICAgICBwdWJsaWMgVUludDMyIFJlcGFyc2VUYWc7CiAgICAgICAgcHVibGljIFVJbnQxNiBSZXBhcnNlRGF0YUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFJlc2VydmVkOwogICAgICAgIHB1YmxpYyBVSW50MTYgU3Vic3RpdHV0ZU5hbWVPZmZzZXQ7CiAgICAgICAgcHVibGljIFVJbnQxNiBTdWJzdGl0dXRlTmFtZUxlbmd0aDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZU9mZnNldDsKICAgICAgICBwdWJsaWMgVUludDE2IFByaW50TmFtZUxlbmd0aDsKCiAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkJ5VmFsQXJyYXksIFNpemVDb25zdCA9IExpbmtVdGlsLk1BWElNVU1fUkVQQVJTRV9EQVRBX0JVRkZFUl9TSVpFKV0KICAgICAgICBwdWJsaWMgY2hhcltdIFBhdGhCdWZmZXI7CiAgICB9CgogICAgcHVibGljIGNsYXNzIExpbmtVdGlsCiAgICB7CiAgICAgICAgcHVibGljIGNvbnN0IGludCBNQVhJTVVNX1JFUEFSU0VfREFUQV9CVUZGRVJfU0laRSA9IDEwMjQgKiAxNjsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRklMRV9GTEFHX0JBQ0tVUF9TRU1BTlRJQ1MgPSAweDAyMDAwMDAwOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfRkxBR19PUEVOX1JFUEFSU0VfUE9JTlQgPSAweDAwMjAwMDAwOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBGU0NUTF9HRVRfUkVQQVJTRV9QT0lOVCA9IDB4MDAwOTAwQTg7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgRlNDVExfU0VUX1JFUEFSU0VfUE9JTlQgPSAweDAwMDkwMEE0OwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIEZJTEVfREVWSUNFX0ZJTEVfU1lTVEVNID0gMHgwMDA5MDAwMDsKCiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgSU9fUkVQQVJTRV9UQUdfTU9VTlRfUE9JTlQgPSAweEEwMDAwMDAzOwogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIElPX1JFUEFSU0VfVEFHX1NZTUxJTksgPSAweEEwMDAwMDBDOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1MSU5LX0ZMQUdfUkVMQVRJVkUgPSAweDAwMDAwMDAxOwoKICAgICAgICBwcml2YXRlIGNvbnN0IEludDY0IElOVkFMSURfSEFORExFX1ZBTFVFID0gLTE7CgogICAgICAgIHByaXZhdGUgY29uc3QgVUludDMyIFNJWkVfT0ZfV0NIQVIgPSAyOwoKICAgICAgICBwcml2YXRlIGNvbnN0IFVJbnQzMiBTWU1CT0xJQ19MSU5LX0ZMQUdfRklMRSA9IDB4MDAwMDAwMDA7CiAgICAgICAgcHJpdmF0ZSBjb25zdCBVSW50MzIgU1lNQk9MSUNfTElOS19GTEFHX0RJUkVDVE9SWSA9IDB4MDAwMDAwMDE7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBTYWZlRmlsZUhhbmRsZSBDcmVhdGVGaWxlKAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLlU0KV0gRmlsZUFjY2VzcyBkd0Rlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5VNCldIEZpbGVTaGFyZSBkd1NoYXJlTW9kZSwKICAgICAgICAgICAgSW50UHRyIGxwU2VjdXJpdHlBdHRyaWJ1dGVzLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuVTQpXSBGaWxlTW9kZSBkd0NyZWF0aW9uRGlzcG9zaXRpb24sCiAgICAgICAgICAgIFVJbnQzMiBkd0ZsYWdzQW5kQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGhUZW1wbGF0ZUZpbGUpOwoKICAgICAgICAvLyBVc2VkIGJ5IEdldFJlcGFyc2VQb2ludEluZm8oKQogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUsIENoYXJTZXQgPSBDaGFyU2V0LkF1dG8pXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIERldmljZUlvQ29udHJvbCgKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaERldmljZSwKICAgICAgICAgICAgVUludDMyIGR3SW9Db250cm9sQ29kZSwKICAgICAgICAgICAgSW50UHRyIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgUkVQQVJTRV9EQVRBX0JVRkZFUiBscE91dEJ1ZmZlciwKICAgICAgICAgICAgVUludDMyIG5PdXRCdWZmZXJTaXplLAogICAgICAgICAgICBvdXQgVUludDMyIGxwQnl0ZXNSZXR1cm5lZCwKICAgICAgICAgICAgSW50UHRyIGxwT3ZlcmxhcHBlZCk7CgogICAgICAgIC8vIFVzZWQgYnkgQ3JlYXRlSnVuY3Rpb25Qb2ludCgpCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuQXV0byldCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgZXh0ZXJuIGJvb2wgRGV2aWNlSW9Db250cm9sKAogICAgICAgICAgICBTYWZlRmlsZUhhbmRsZSBoRGV2aWNlLAogICAgICAgICAgICBVSW50MzIgZHdJb0NvbnRyb2xDb2RlLAogICAgICAgICAgICBSRVBBUlNFX0RBVEFfQlVGRkVSIGxwSW5CdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuSW5CdWZmZXJTaXplLAogICAgICAgICAgICBJbnRQdHIgbHBPdXRCdWZmZXIsCiAgICAgICAgICAgIFVJbnQzMiBuT3V0QnVmZmVyU2l6ZSwKICAgICAgICAgICAgb3V0IFVJbnQzMiBscEJ5dGVzUmV0dXJuZWQsCiAgICAgICAgICAgIEludFB0ciBscE92ZXJsYXBwZWQpOwoKICAgICAgICBbRGxsSW1wb3J0KCJrZXJuZWwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlLCBDaGFyU2V0ID0gQ2hhclNldC ScriptBlock ID: c813086e-ca10-4877-998f-e5a2f7af172d Path:	4104	1		3	2	15	0	1706	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	692	4336	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:15 PM	fe3d87aa-a761-0001-fb88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 7): UHRyVG9TdHJ1Y3R1cmUocHJpdmlsZWdlc1B0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgIHByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW3ByaXZpbGVnZUluZm8uUHJpdmlsZWdlQ291bnRdOwogICAgICAgICAgICAgICAgICAgIFB0clRvU3RydWN0dXJlQXJyYXkocHJpdmlsZWdlcywgSW50UHRyLkFkZChwcml2aWxlZ2VzUHRyLCBNYXJzaGFsLlNpemVPZihwcml2aWxlZ2VJbmZvLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwocHJpdmlsZWdlc1B0cik7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgaW5mbyA9IHByaXZpbGVnZXMuVG9EaWN0aW9uYXJ5KHAgPT4gR2V0UHJpdmlsZWdlTmFtZShwLkx1aWQpLCBwID0+IHAuQXR0cmlidXRlcyk7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZmluYWxseQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBOYXRpdmVNZXRob2RzLkNsb3NlSGFuZGxlKGhUb2tlbik7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgcmV0dXJuIGluZm87CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIFNhZmVXYWl0SGFuZGxlIEdldEN1cnJlbnRQcm9jZXNzKCkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBOYXRpdmVNZXRob2RzLkdldEN1cnJlbnRQcm9jZXNzKCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIHZvaWQgUmVtb3ZlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgbnVsbCB9IH0pOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IFNldFRva2VuUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuLCBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IHN0YXRlKQogICAgICAgIHsKICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlQXR0ciA9IG5ldyBOYXRpdmVIZWxwZXJzLkxVSURfQU5EX0FUVFJJQlVURVNbc3RhdGUuQ291bnRdOwogICAgICAgICAgICBpbnQgaSA9IDA7CgogICAgICAgICAgICBmb3JlYWNoIChLZXlWYWx1ZVBhaXI8c3RyaW5nLCBib29sPz4gZW50cnkgaW4gc3RhdGUpCiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRCBsdWlkOwogICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIGVudHJ5LktleSwgb3V0IGx1aWQpKQogICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJMb29rdXBQcml2aWxlZ2VWYWx1ZSh7MH0pIGZhaWxlZCIsIGVudHJ5LktleSkpOwoKICAgICAgICAgICAgICAgIFByaXZpbGVnZUF0dHJpYnV0ZXMgYXR0cmlidXRlczsKICAgICAgICAgICAgICAgIHN3aXRjaCAoZW50cnkuVmFsdWUpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgY2FzZSB0cnVlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkOwogICAgICAgICAgICAgICAgICAgICAgICBicmVhazsKICAgICAgICAgICAgICAgICAgICBjYXNlIGZhbHNlOgogICAgICAgICAgICAgICAgICAgICAgICBhdHRyaWJ1dGVzID0gUHJpdmlsZWdlQXR0cmlidXRlcy5EaXNhYmxlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgZGVmYXVsdDoKICAgICAgICAgICAgICAgICAgICAgICAgYXR0cmlidXRlcyA9IFByaXZpbGVnZUF0dHJpYnV0ZXMuUmVtb3ZlZDsKICAgICAgICAgICAgICAgICAgICAgICAgYnJlYWs7CiAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgcHJpdmlsZWdlQXR0cltpXS5MdWlkID0gbHVpZDsKICAgICAgICAgICAgICAgIHByaXZpbGVnZUF0dHJbaV0uQXR0cmlidXRlcyA9IGF0dHJpYnV0ZXM7CiAgICAgICAgICAgICAgICBpKys7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHJldHVybiBBZGp1c3RUb2tlblByaXZpbGVnZXModG9rZW4sIHByaXZpbGVnZUF0dHIpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBBZGp1c3RUb2tlblByaXZpbGVnZXMoU2FmZUhhbmRsZSB0b2tlbiwgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gbmV3U3RhdGUpCiAgICAgICAgewogICAgICAgICAgICBib29sIGRpc2FibGVBbGxQcml2aWxlZ2VzOwogICAgICAgICAgICBJbnRQdHIgbmV3U3RhdGVQdHI7CiAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1tdIG9sZFN0YXRlUHJpdmlsZWdlczsKICAgICAgICAgICAgVUludDMyIHJldHVybkxlbmd0aDsKCiAgICAgICAgICAgIGlmIChuZXdTdGF0ZSA9PSBudWxsKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBkaXNhYmxlQWxsUHJpdmlsZWdlcyA9IHRydWU7CiAgICAgICAgICAgICAgICBuZXdTdGF0ZVB0ciA9IEludFB0ci5aZXJvOwogICAgICAgICAgICB9CiAgICAgICAgICAgIGVsc2UKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgZGlzYWJsZUFsbFByaXZpbGVnZXMgPSBmYWxzZTsKCiAgICAgICAgICAgICAgICAvLyBOZWVkIHRvIG1hbnVhbGx5IG1hcnNoYWwgdGhlIGJ5dGVzIHJlcXVpcmVzIGZvciBuZXdTdGF0ZSBhcyB0aGUgY29uc3RhbnQgc2l6ZQogICAgICAgICAgICAgICAgLy8gb2YgTFVJRF9BTkRfQVRUUklCVVRFUyBpcyBzZXQgdG8gMSBhbmQgY2FuJ3QgYmUgb3ZlcnJpZGRlbiBhdCBydW50aW1lLCBUT0tFTl9QUklWSUxFR0VTCiAgICAgICAgICAgICAgICAvLyBhbHdheXMgY29udGFpbnMgYXQgbGVhc3QgMSBlbnRyeSBzbyB3ZSBuZWVkIHRvIGNhbGN1bGF0ZSB0aGUgZXh0cmEgc2l6ZSBpZiB0aGVyZSBhcmUKICAgICAgICAgICAgICAgIC8vIG5vcmUgdGhhbiAxIExVSURfQU5EX0FUVFJJQlVURVMgZW50cnkKICAgICAgICAgICAgICAgIGludCB0b2tlblByaXZpbGVnZXNTaXplID0gTWFyc2hhbC5TaXplT2YodHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgaW50IGx1aWRBdHRyU2l6ZSA9IDA7CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMSkKICAgICAgICAgICAgICAgICAgICBsdWlkQXR0clNpemUgPSBNYXJzaGFsLlNpemVPZih0eXBlb2YoTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTKSkgKiAobmV3U3RhdGUuTGVuZ3RoIC0gMSk7CiAgICAgICAgICAgICAgICBpbnQgdG90YWxTaXplID0gdG9rZW5Qcml2aWxlZ2VzU2l6ZSArIGx1aWRBdHRyU2l6ZTsKICAgICAgICAgICAgICAgIGJ5dGVbXSBuZXdTdGF0ZUJ5dGVzID0gbmV3IGJ5dGVbdG90YWxTaXplXTsKCiAgICAgICAgICAgICAgICAvLyBnZXQgdGhlIGZpcnN0IGVudHJ5IHRoYXQgaW5jbHVkZXMgdGhlIHN0cnVjdCBkZXRhaWxzCiAgICAgICAgICAgICAgICBOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMgdG9rZW5Qcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUygpCiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgUHJpdmlsZWdlQ291bnQgPSAoVUludDMyKW5ld1N0YXRlLkxlbmd0aCwKICAgICAgICAgICAgICAgICAgICBQcml2aWxlZ2VzID0gbmV3IE5hdGl2ZUhlbHBlcnMuTFVJRF9BTkRfQVRUUklCVVRFU1sxXSwKICAgICAgICAgICAgICAgIH07CiAgICAgICAgICAgICAgICBpZiAobmV3U3RhdGUuTGVuZ3RoID4gMCkKICAgICAgICAgICAgICAgICAgICB0b2tlblByaXZpbGVnZXMuUHJpdmlsZWdlc1swXSA9IG5ld1N0YXRlWzBdOwogICAgICAgICAgICAgICAgaW50IG9mZnNldCA9IFN0cnVjdHVyZVRvQnl0ZXModG9rZW5Qcml2aWxlZ2VzLCBuZXdTdGF0ZUJ5dGVzLCAwKTsKCiAgICAgICAgICAgICAgICAvLyBjb3B5IHRoZSByZW1haW5pbmcgTFVJRF9BTkRfQVRUUklCVVRFUyAoaWYgYW55KQogICAgICAgICAgICAgICAgZm9yIChpbnQgaSA9IDE7IGkgPCBuZXdTdGF0ZS5MZW5ndGg7IGkrKykKICAgICAgICAgICAgICAgICAgICBvZmZzZXQgKz0gU3RydWN0dXJlVG9CeXRlcyhuZXdTdGF0ZVtpXSwgbmV3U3RhdGVCeXRlcywgb2Zmc2V0KTsKCiAgICAgICAgICAgICAgICAvLyBmaW5hbGx5IGNyZWF0ZSB0aGUgcG9pbnRlciB0byB0aGUgYnl0ZSBhcnJheSB3ZSBqdXN0IGNyZWF0ZWQKICAgICAgICAgICAgICAgIG5ld1N0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwobmV3U3RhdGVCeXRlcy5MZW5ndGgpOwogICAgICAgICAgICAgICAgTWFyc2hhbC5Db3B5KG5ld1N0YXRlQnl0ZXMsIDAsIG5ld1N0YXRlUHRyLCBuZXdTdGF0ZUJ5dGVzLkxlbmd0aCk7CiAgICAgICAgICAgIH0KCiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBJbnRQdHIgaFRva2VuID0gSW50UHRyLlplcm87CiAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuT3BlblByb2Nlc3NUb2tlbih0b2tlbiwgVG9rZW5BY2Nlc3NMZXZlbHMuUXVlcnkgfCBUb2tlbkFjY2Vzc0xldmVscy5BZGp1c3RQcml2aWxlZ2VzLCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIk9wZW5Qcm9jZXNzVG9rZW4oKSBmYWlsZWQgd2l0aCBRdWVyeSBhbmQgQWRqdXN0UHJpdmlsZWdlcyIpOwogICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgSW50UHRyIG9sZFN0YXRlUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoMCk7CiAgICAgICAgICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkFkanVzdFRva2VuUHJpdmlsZWdlcyhoVG9rZW4sIGRpc2FibGVBbGxQcml2aWxlZ2VzLCBuZXdTdGF0ZVB0ciwgMCwgb2xkU3RhdGVQdHIsIG91dCByZXR1cm5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICAgICAgICAgIGlmIChlcnJDb2RlICE9IDEyMikgLy8gRVJST1JfSU5TVUZGSUNJRU5UX0JVRkZFUgogICAgICAgICAgICAgICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKGVyckNvZGUsICJBZGp1c3RUb2tlblByaXZpbGVnZXMoKSBmYWlsZWQgdG8gZ2V0IG9sZCBzdGF0ZSBzaXplIik7CiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAvLyByZXNpemUgdGhlIG9sZFN0YXRlUHRyIGJhc2VkIG9uIHRoZSBsZW5ndGggcmV0dXJuZWQgZnJvbSBXaW5kb3dzCiAgICAgICAgICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChvbGRTdGF0ZVB0cik7CiAgICAgICAgICAgICAgICAgICAgb2xkU3RhdGVQdHIgPSBNYXJzaGFsLkFsbG9jSEdsb2JhbCgoaW50KXJldHVybkxlbmd0aCk7CiAgICAgICAgICAgICAgICAgICAgdHJ5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBib29sIHJlcyA9IE5hdGl2ZU1ldGhvZHMuQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKGhUb2tlbiwgZGlzYWJsZUFsbFByaXZpbGVnZXMsIG5ld1N0YXRlUHRyLCByZXR1cm5MZW5ndGgsIG9sZFN0YXRlUHRyLCBvdXQgcmV0dXJuTGVuZ3RoKTsKICAgICAgICAgICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBldmVuIHdoZW4gcmVzID09IHRydWUsIEVSUk9SX05PVF9BTExfQVNTSUdORUQgbWF5IGJlIHNldCBhcyB0aGUgbGFzdCBlcnJvciBjb2RlCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICghcmVzIHx8IGVyckNvZGUgIT0gMCkKICAgICAgICAgICAgICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbihlcnJDb2RlLCAiQWRqdXN0VG9rZW5Qcml2aWxlZ2VzKCkgZmFpbGVkIik7CgogICAgICAgICAgICAgICAgICAgICAgICAvLyBNYXJzaGFsIHRoZSBvbGRTdGF0ZVB0ciB0byB0aGUgc3RydWN0CiAgICAgICAgICAgICAgICAgICAgICAgIE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUyBvbGRTdGF0ZSA9IChOYXRpdmVIZWxwZXJzLlRPS0VOX1BSSVZJTEVHRVMpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShvbGRTdGF0ZVB0ciwgdHlwZW9mKE5hdGl2ZUhlbHBlcnMuVE9LRU5fUFJJVklMRUdFUykpOwogICAgICAgICAgICAgICAgICAgICAgICBvbGRTdGF0ZVByaXZpbGVnZXMgPSBuZXcgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW29sZFN0YXRlLlByaXZpbGVnZUNvdW50XTsKICAgICAgICAgICAgICAgICAgICAgICAgUHRyVG9TdHJ1Y3R1cmVBcnJheShvbGRTdGF0ZVByaXZpbGVnZXMsIEludFB0ci5BZGQob2xkU3RhdGVQdHIsIE1hcnNoYWwuU2l6ZU9mKG9sZFN0YXRlLlByaXZpbGVnZUNvdW50KSkpOwogICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICAgICAgewogICAgICAgICAgICAgICAgICAgICAgICBNYXJzaGFsLkZyZWVIR2xvYmFsKG9sZFN0YXRlUHRyKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgICAgICB7CiAgICAgICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5DbG9zZUhhbmRsZShoVG9rZW4pOwogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgICAgIGZpbmFsbHkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaWYgKG5ld1N0YXRlUHRyICE9IEludFB0ci5aZXJvKQogICAgICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwobmV3U3RhdGVQdHIpOwogICAgICAgICAgICB9CgogICAgICAgICAgICByZXR1cm4gb2xkU3RhdGVQcml2aWxlZ2VzLlRvRGljdGlvbmFyeShwID0+IEdldFByaXZpbGVnZU5hbWUocC5MdWlkKSwgcCA9PiAoYm9vbD8pcC5BdHRyaWJ1dGVzLkhhc0ZsYWcoUHJpdmlsZWdlQXR0cmlidXRlcy5FbmFibGVkKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBzdHJpbmcgR2V0UHJpdmlsZWdlTmFtZShOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZCkKICAgICAgICB7CiAgICAgICAgICAgIFVJbnQzMiBuYW1lTGVuID0gMDsKICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5Mb29rdXBQcml2aWxlZ2VOYW1lKG51bGwsIHJlZiBsdWlkLCBudWxsLCByZWYgbmFtZUxlbik7CgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIG5hbWUgPSBuZXcgU3RyaW5nQnVpbGRlcigoaW50KShuYW1lTGVuICsgMSkpOwogICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuTG9va3VwUHJpdmlsZWdlTmFtZShudWxsLCByZWYgbHVpZCwgbmFtZSwgcmVmIG5hbWVMZW4pKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJMb29rdXBQcml2aWxlZ2VOYW1lKCkgZmFpbGVkIik7CgogICAgICAgICAgICByZXR1cm4gbmFtZS5Ub1N0cmluZygpOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBQdHJUb1N0cnVjdHVyZUFycmF5PFQ+KFRbXSBhcnJheSwgSW50UHRyIHB0cikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBwdHJPZmZzZXQgPSBwdHI7CiAgICAgICAgICAgIGZvciAoaW50IGkgPSAwOyBpIDwgYXJyYXkuTGVuZ3RoOyBpKyssIHB0ck9mZnNldCA9IEludFB0ci5BZGQocHRyT2Zmc2V0LCBNYXJzaGFsLlNpemVPZih0eXBlb2YoVCkpKSkKICAgICAgICAgICAgICAgIGFycmF5W2ldID0gKFQpTWFyc2hhbC5QdHJUb1N0cnVjdHVyZShwdHJPZmZzZXQsIHR5cGVvZihUKSk7CiAgICAgICAgfQoKICAgICAgICBwcml2YXRlIHN0YXRpYyBpbnQgU3RydWN0dXJlVG9CeXRlczxUPihUIHN0cnVjdHVyZSwgYnl0ZVtdIGFycmF5LCBpbnQgb2Zmc2V0KQogICAgICAgIHsKICAgICAgICAgICAgaW50IHNpemUgPSBNYXJzaGFsLlNpemVPZihzdHJ1Y3R1cmUpOwogICAgICAgICAgICBJbnRQdHIgc3RydWN0UHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoc2l6ZSk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBNYXJzaGFsLlN0cnVjdHVyZVRvUHRyKHN0cnVjdHVyZSwgc3RydWN0UHRyLCBmYWxzZSk7CiAgICAgICAgICAgICAgICBNYXJzaGFsLkNvcHkoc3RydWN0UHRyLCBhcnJheSwgb2Zmc2V0LCBzaXplKTsKICAgICAgICAgICAgfQogICAgICAgICAgICBmaW5hbGx5CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIE1hcnNoYWwuRnJlZUhHbG9iYWwoc3RydWN0UHRyKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgcmV0dXJuIHNpemU7CiAgICAgICAgfQogICAgfQp9CidACgpGdW5jdGlvbiBJbXBvcnQtUHJpdmlsZWdlVXRpbCB7CiAgICA8IwogICAgLlNZTk9QU0lTCiAgICBDb21waWxlcyB0aGUgQyMgY29kZSB0aGF0IGNhbiBiZSB1c2VkIHRvIG1hbmFnZSBXaW5kb3dzIHByaXZpbGVnZXMgZnJvbSBhbgogICAgQW5zaWJsZSBtb2R1bGUuIE9uY2UgdGhpcyBmdW5jdGlvbiBpcyBjYWxsZWQsIHRoZSBmb2xsb3dpbmcgUG93ZXJTaGVsbAogICAgY21kbGV0cyBjYW4gYmUgdXNlZDsKCiAgICAgICAgR2V0LUFuc2libGVQcml2aWxlZ2UKICAgICAgICBTZXQtQW5zaWJsZVByaXZpbGVnZQoKICAgIFRoZSBhYm92ZSBjbWRsZXRzIGdpdmUgdGhlIGFiaWxpdHkgdG8gbWFuYWdlIHBlcm1pc3Npb25zIG9uIHRoZSBjdXJyZW50CiAgICBwcm9jZXNzIHRva2VuIGJ1dCB0aGUgdW5kZXJseWluZyAuTkVUIGNsYXNzZXMgYXJlIGFsc28gZXhwb3NlZCBmb3IgZ3JlYXRlcgogICAgY29udHJvbC4gVGhlIGZvbGxvd2luZyBmdW5jdGlvbnMgY2FuIGJlIHVzZWQgYnkgY2FsbGluZyB0aGUgLk5FVCBjbGFzcwoKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkNoZWNrUHJpdmlsZWdlTmFtZSgkbmFtZSkKICAgIFtBbnNpYmxlLlByaXZpbGVnZVV0aWwuUHJpdmlsZWdlc106OkRpc2FibGVQcml2aWxlZ2UoJHByb2Nlc3MsICRuYW1lKQogICAgW0Fuc2libGUuUHJpdmlsZWdlVXRpbC5Qcml2aWxlZ2VzXTo6RGlzYWJsZUFsbFByaXZpbGVnZXMoJHByb2Nlc3MpCiAgICBbQW5zaWJsZS5Qcml2aWxlZ2VVdGlsLlByaXZ ScriptBlock ID: c813086e-ca10-4877-998f-e5a2f7af172d Path:	4104	1		3	2	15	0	1705	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	692	4336	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:15 PM	fe3d87aa-a761-0001-fb88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 7): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.PrivilegeUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTggQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiMgc3RvcmUgaW4gc2VwYXJhdGUgdmFyaWFibGVzIHRvIG1ha2UgaXQgZWFzaWVyIGZvciBvdGhlciBtb2R1bGVfdXRpbHMgdG8KIyBzaGFyZSB0aGlzIGNvZGUgaW4gdGhlaXIgb3duIGMjIGNvZGUKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfbmFtZXNwYWNlcyA9IEAoCiAgICAiTWljcm9zb2Z0LldpbjMyLlNhZmVIYW5kbGVzIiwKICAgICJTeXN0ZW0iLAogICAgIlN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljIiwKICAgICJTeXN0ZW0uTGlucSIsCiAgICAiU3lzdGVtLlJ1bnRpbWUuSW50ZXJvcFNlcnZpY2VzIiwKICAgICJTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsIiwKICAgICJTeXN0ZW0uVGV4dCIKKQoKJGFuc2libGVfcHJpdmlsZWdlX3V0aWxfY29kZSA9IEAnCm5hbWVzcGFjZSBBbnNpYmxlLlByaXZpbGVnZVV0aWwKewogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gUHJpdmlsZWdlQXR0cmlidXRlcyA6IHVpbnQKICAgIHsKICAgICAgICBEaXNhYmxlZCA9IDB4MDAwMDAwMDAsCiAgICAgICAgRW5hYmxlZEJ5RGVmYXVsdCA9IDB4MDAwMDAwMDEsCiAgICAgICAgRW5hYmxlZCA9IDB4MDAwMDAwMDIsCiAgICAgICAgUmVtb3ZlZCA9IDB4MDAwMDAwMDQsCiAgICAgICAgVXNlZEZvckFjY2VzcyA9IDB4ODAwMDAwMDAsCiAgICB9CgogICAgaW50ZXJuYWwgY2xhc3MgTmF0aXZlSGVscGVycwogICAgewogICAgICAgIFtTdHJ1Y3RMYXlvdXQoTGF5b3V0S2luZC5TZXF1ZW50aWFsKV0KICAgICAgICBpbnRlcm5hbCBzdHJ1Y3QgTFVJRAogICAgICAgIHsKICAgICAgICAgICAgcHVibGljIFVJbnQzMiBMb3dQYXJ0OwogICAgICAgICAgICBwdWJsaWMgSW50MzIgSGlnaFBhcnQ7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IExVSURfQU5EX0FUVFJJQlVURVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBMVUlEIEx1aWQ7CiAgICAgICAgICAgIHB1YmxpYyBQcml2aWxlZ2VBdHRyaWJ1dGVzIEF0dHJpYnV0ZXM7CiAgICAgICAgfQoKICAgICAgICBbU3RydWN0TGF5b3V0KExheW91dEtpbmQuU2VxdWVudGlhbCldCiAgICAgICAgaW50ZXJuYWwgc3RydWN0IFRPS0VOX1BSSVZJTEVHRVMKICAgICAgICB7CiAgICAgICAgICAgIHB1YmxpYyBVSW50MzIgUHJpdmlsZWdlQ291bnQ7CiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5CeVZhbEFycmF5LCBTaXplQ29uc3QgPSAxKV0KICAgICAgICAgICAgcHVibGljIExVSURfQU5EX0FUVFJJQlVURVNbXSBQcml2aWxlZ2VzOwogICAgICAgIH0KICAgIH0KCiAgICBpbnRlcm5hbCBjbGFzcyBOYXRpdmVNZXRob2RzCiAgICB7CiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIEFkanVzdFRva2VuUHJpdmlsZWdlcygKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuQm9vbCldIGJvb2wgRGlzYWJsZUFsbFByaXZpbGVnZXMsCiAgICAgICAgICAgIEludFB0ciBOZXdTdGF0ZSwKICAgICAgICAgICAgVUludDMyIEJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgSW50UHRyIFByZXZpb3VzU3RhdGUsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIENsb3NlSGFuZGxlKAogICAgICAgICAgICBJbnRQdHIgaE9iamVjdCk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyIildCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBTYWZlV2FpdEhhbmRsZSBHZXRDdXJyZW50UHJvY2VzcygpOwoKICAgICAgICBbRGxsSW1wb3J0KCJhZHZhcGkzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBpbnRlcm5hbCBzdGF0aWMgZXh0ZXJuIGJvb2wgR2V0VG9rZW5JbmZvcm1hdGlvbigKICAgICAgICAgICAgSW50UHRyIFRva2VuSGFuZGxlLAogICAgICAgICAgICBVSW50MzIgVG9rZW5JbmZvcm1hdGlvbkNsYXNzLAogICAgICAgICAgICBJbnRQdHIgVG9rZW5JbmZvcm1hdGlvbiwKICAgICAgICAgICAgVUludDMyIFRva2VuSW5mb3JtYXRpb25MZW5ndGgsCiAgICAgICAgICAgIG91dCBVSW50MzIgUmV0dXJuTGVuZ3RoKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZU5hbWUoCiAgICAgICAgICAgIHN0cmluZyBscFN5c3RlbU5hbWUsCiAgICAgICAgICAgIHJlZiBOYXRpdmVIZWxwZXJzLkxVSUQgbHBMdWlkLAogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGxwTmFtZSwKICAgICAgICAgICAgcmVmIFVJbnQzMiBjY2hOYW1lKTsKCiAgICAgICAgW0RsbEltcG9ydCgiYWR2YXBpMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgaW50ZXJuYWwgc3RhdGljIGV4dGVybiBib29sIExvb2t1cFByaXZpbGVnZVZhbHVlKAogICAgICAgICAgICBzdHJpbmcgbHBTeXN0ZW1OYW1lLAogICAgICAgICAgICBzdHJpbmcgbHBOYW1lLAogICAgICAgICAgICBvdXQgTmF0aXZlSGVscGVycy5MVUlEIGxwTHVpZCk7CgogICAgICAgIFtEbGxJbXBvcnQoImFkdmFwaTMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIGludGVybmFsIHN0YXRpYyBleHRlcm4gYm9vbCBPcGVuUHJvY2Vzc1Rva2VuKAogICAgICAgICAgICBTYWZlSGFuZGxlIFByb2Nlc3NIYW5kbGUsCiAgICAgICAgICAgIFRva2VuQWNjZXNzTGV2ZWxzIERlc2lyZWRBY2Nlc3MsCiAgICAgICAgICAgIG91dCBJbnRQdHIgVG9rZW5IYW5kbGUpOwogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBXaW4zMkV4Y2VwdGlvbiA6IFN5c3RlbS5Db21wb25lbnRNb2RlbC5XaW4zMkV4Y2VwdGlvbgogICAgewogICAgICAgIHByaXZhdGUgc3RyaW5nIF9tc2c7CiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KICAgICAgICBwdWJsaWMgV2luMzJFeGNlcHRpb24oaW50IGVycm9yQ29kZSwgc3RyaW5nIG1lc3NhZ2UpIDogYmFzZShlcnJvckNvZGUpCiAgICAgICAgewogICAgICAgICAgICBfbXNnID0gU3RyaW5nLkZvcm1hdCgiezB9ICh7MX0sIFdpbjMyRXJyb3JDb2RlIHsyfSkiLCBtZXNzYWdlLCBiYXNlLk1lc3NhZ2UsIGVycm9yQ29kZSk7CiAgICAgICAgfQogICAgICAgIHB1YmxpYyBvdmVycmlkZSBzdHJpbmcgTWVzc2FnZSB7IGdldCB7IHJldHVybiBfbXNnOyB9IH0KICAgICAgICBwdWJsaWMgc3RhdGljIGV4cGxpY2l0IG9wZXJhdG9yIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSB7IHJldHVybiBuZXcgV2luMzJFeGNlcHRpb24obWVzc2FnZSk7IH0KICAgIH0KCiAgICBwdWJsaWMgY2xhc3MgUHJpdmlsZWdlcwogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIHJlYWRvbmx5IFVJbnQzMiBUT0tFTl9QUklWSUxFR0VTID0gMzsKCgogICAgICAgIHB1YmxpYyBzdGF0aWMgYm9vbCBDaGVja1ByaXZpbGVnZU5hbWUoc3RyaW5nIG5hbWUpCiAgICAgICAgewogICAgICAgICAgICBOYXRpdmVIZWxwZXJzLkxVSUQgbHVpZDsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLkxvb2t1cFByaXZpbGVnZVZhbHVlKG51bGwsIG5hbWUsIG91dCBsdWlkKSkKICAgICAgICAgICAgewogICAgICAgICAgICAgICAgaW50IGVyckNvZGUgPSBNYXJzaGFsLkdldExhc3RXaW4zMkVycm9yKCk7CiAgICAgICAgICAgICAgICBpZiAoZXJyQ29kZSAhPSAxMzEzKSAgLy8gRVJST1JfTk9fU1VDSF9QUklWSUxFR0UKICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oZXJyQ29kZSwgU3RyaW5nLkZvcm1hdCgiTG9va3VwUHJpdmlsZWdlVmFsdWUoezB9KSBmYWlsZWQiLCBuYW1lKSk7CiAgICAgICAgICAgICAgICByZXR1cm4gZmFsc2U7CiAgICAgICAgICAgIH0KICAgICAgICAgICAgZWxzZQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICByZXR1cm4gdHJ1ZTsKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+IERpc2FibGVQcml2aWxlZ2UoU2FmZUhhbmRsZSB0b2tlbiwgc3RyaW5nIHByaXZpbGVnZSkKICAgICAgICB7CiAgICAgICAgICAgIHJldHVybiBTZXRUb2tlblByaXZpbGVnZXModG9rZW4sIG5ldyBEaWN0aW9uYXJ5PHN0cmluZywgYm9vbD8+KCkgeyB7IHByaXZpbGVnZSwgZmFsc2UgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PiBEaXNhYmxlQWxsUHJpdmlsZWdlcyhTYWZlSGFuZGxlIHRva2VuKQogICAgICAgIHsKICAgICAgICAgICAgcmV0dXJuIEFkanVzdFRva2VuUHJpdmlsZWdlcyh0b2tlbiwgbnVsbCk7CiAgICAgICAgfQoKICAgICAgICBwdWJsaWMgc3RhdGljIERpY3Rpb25hcnk8c3RyaW5nLCBib29sPz4gRW5hYmxlUHJpdmlsZWdlKFNhZmVIYW5kbGUgdG9rZW4sIHN0cmluZyBwcml2aWxlZ2UpCiAgICAgICAgewogICAgICAgICAgICByZXR1cm4gU2V0VG9rZW5Qcml2aWxlZ2VzKHRva2VuLCBuZXcgRGljdGlvbmFyeTxzdHJpbmcsIGJvb2w/PigpIHsgeyBwcml2aWxlZ2UsIHRydWUgfSB9KTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IEdldEFsbFByaXZpbGVnZUluZm8oU2FmZUhhbmRsZSB0b2tlbikKICAgICAgICB7CiAgICAgICAgICAgIEludFB0ciBoVG9rZW4gPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKCFOYXRpdmVNZXRob2RzLk9wZW5Qcm9jZXNzVG9rZW4odG9rZW4sIFRva2VuQWNjZXNzTGV2ZWxzLlF1ZXJ5LCBvdXQgaFRva2VuKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiT3BlblByb2Nlc3NUb2tlbigpIGZhaWxlZCIpOwoKICAgICAgICAgICAgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+IGluZm8gPSBuZXcgRGljdGlvbmFyeTxTdHJpbmcsIFByaXZpbGVnZUF0dHJpYnV0ZXM+KCk7CiAgICAgICAgICAgIHRyeQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBVSW50MzIgdG9rZW5MZW5ndGggPSAwOwogICAgICAgICAgICAgICAgTmF0aXZlTWV0aG9kcy5HZXRUb2tlbkluZm9ybWF0aW9uKGhUb2tlbiwgVE9LRU5fUFJJVklMRUdFUywgSW50UHRyLlplcm8sIDAsIG91dCB0b2tlbkxlbmd0aCk7CgogICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5MVUlEX0FORF9BVFRSSUJVVEVTW10gcHJpdmlsZWdlczsKICAgICAgICAgICAgICAgIEludFB0ciBwcml2aWxlZ2VzUHRyID0gTWFyc2hhbC5BbGxvY0hHbG9iYWwoKGludCl0b2tlbkxlbmd0aCk7CiAgICAgICAgICAgICAgICB0cnkKICAgICAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgICAgICBpZiAoIU5hdGl2ZU1ldGhvZHMuR2V0VG9rZW5JbmZvcm1hdGlvbihoVG9rZW4sIFRPS0VOX1BSSVZJTEVHRVMsIHByaXZpbGVnZXNQdHIsIHRva2VuTGVuZ3RoLCBvdXQgdG9rZW5MZW5ndGgpKQogICAgICAgICAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkdldFRva2VuSW5mb3JtYXRpb24oKSBmb3IgVE9LRU5fUFJJVklMRUdFUyBmYWlsZWQiKTsKCiAgICAgICAgICAgICAgICAgICAgTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTIHByaXZpbGVnZUluZm8gPSAoTmF0aXZlSGVscGVycy5UT0tFTl9QUklWSUxFR0VTKU1hcnNoYWwu ScriptBlock ID: c813086e-ca10-4877-998f-e5a2f7af172d Path:	4104	1		3	2	15	0	1704	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	692	4336	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:15 PM	fe3d87aa-a761-0001-fb88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1703	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	692	696	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:15 PM	fe3d87aa-a761-0004-c688-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 692 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1702	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	692	4312	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:15 PM	fe3d87aa-a761-0004-c688-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1701	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	692	696	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:15 PM	fe3d87aa-a761-0004-c688-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 7830eb83-c656-4b4e-ade5-275bd0728b7d Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 60606f39-d319-47d4-ac24-f9650cf562e7 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 35 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1700	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3824	3636	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:06 PM	fe3d87aa-a761-0003-4789-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $_.$guid_key -eq $adapter.SettingID } ScriptBlock ID: 91dd7110-98c0-4639-a10c-8c2a1e333ab4 Path:	4104	1		3	2	15	0	1699	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3824	3636	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:06 PM	fe3d87aa-a761-0003-4189-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'facter' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = CommandNotFoundException,Microsoft.PowerShell.Commands.GetCommandCommand Context: Severity = Warning Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 7830eb83-c656-4b4e-ade5-275bd0728b7d Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 60606f39-d319-47d4-ac24-f9650cf562e7 Pipeline ID = 5 Command Name = Get-Command Command Type = Cmdlet Script Name = Command Path = Sequence Number = 33 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	1698	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3824	3636	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:06 PM	fe3d87aa-a761-0003-3989-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2018, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy Function Get-CustomFacts { [cmdletBinding()] param ( [Parameter(mandatory=$false)] $factpath = $null ) if (-not (Test-Path -Path $factpath)) { Fail-Json $result "The path $factpath does not exist. Typo?" } $FactsFiles = Get-ChildItem -Path $factpath | Where-Object -FilterScript {($PSItem.PSIsContainer -eq $false) -and ($PSItem.Extension -eq '.ps1')} foreach ($FactsFile in $FactsFiles) { $out = & $($FactsFile.FullName) $result.ansible_facts.Add("ansible_$(($FactsFile.Name).Split('.')[0])", $out) } } Function Get-MachineSid { # The Machine SID is stored in HKLM:\SECURITY\SAM\Domains\Account and is # only accessible by the Local System account. This method get's the local # admin account (ends with -500) and lops it off to get the machine sid. $admins_sid = "S-1-5-32-544" $admin_group = ([Security.Principal.SecurityIdentifier]$admins_sid).Translate([Security.Principal.NTAccount]).Value Add-Type -AssemblyName System.DirectoryServices.AccountManagement $principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine) $group_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal($principal_context, $admin_group) $searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal) $groups = $searcher.FindOne() $machine_sid = $null foreach ($user in $groups.Members) { $user_sid = $user.Sid if ($user_sid.Value.EndsWith("-500")) { $machine_sid = $user_sid.AccountDomainSid.Value break } } return $machine_sid } $cim_instances = @{} Function Get-LazyCimInstance([string]$instance_name, [string]$namespace="Root\CIMV2") { if(-not $cim_instances.ContainsKey($instance_name)) { $cim_instances[$instance_name] = $(Get-CimInstance -Namespace $namespace -ClassName $instance_name) } return $cim_instances[$instance_name] } $result = @{ ansible_facts = @{ } changed = $false } $grouped_subsets = @{ min=[System.Collections.Generic.List[string]]@('date_time','distribution','dns','env','local','platform','powershell_version','user') network=[System.Collections.Generic.List[string]]@('all_ipv4_addresses','all_ipv6_addresses','interfaces','windows_domain', 'winrm') hardware=[System.Collections.Generic.List[string]]@('bios','memory','processor','uptime') external=[System.Collections.Generic.List[string]]@('facter') } # build "all" set from everything mentioned in the group- this means every value must be in at least one subset to be considered legal $all_set = [System.Collections.Generic.HashSet[string]]@() foreach($kv in $grouped_subsets.GetEnumerator()) { [void] $all_set.UnionWith($kv.Value) } # dynamically create an "all" subset now that we know what should be in it $grouped_subsets['all'] = [System.Collections.Generic.List[string]]$all_set # start with all, build up gather and exclude subsets $gather_subset = [System.Collections.Generic.HashSet[string]]$grouped_subsets.all $explicit_subset = [System.Collections.Generic.HashSet[string]]@() $exclude_subset = [System.Collections.Generic.HashSet[string]]@() $params = Parse-Args $args -supports_check_mode $true $factpath = Get-AnsibleParam -obj $params -name "fact_path" -type "path" $gather_subset_source = Get-AnsibleParam -obj $params -name "gather_subset" -type "list" -default "all" foreach($item in $gather_subset_source) { if(([string]$item).StartsWith("!")) { $item = ([string]$item).Substring(1) if($item -eq "all") { $all_minus_min = [System.Collections.Generic.HashSet[string]]@($all_set) [void] $all_minus_min.ExceptWith($grouped_subsets.min) [void] $exclude_subset.UnionWith($all_minus_min) } elseif($grouped_subsets.ContainsKey($item)) { [void] $exclude_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $exclude_subset.Add($item) } # NB: invalid exclude values are ignored, since that's what posix setup does } else { if($grouped_subsets.ContainsKey($item)) { [void] $explicit_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $explicit_subset.Add($item) } else { # NB: POSIX setup fails on invalid value; we warn, because we don't implement the same set as POSIX # and we don't have platform-specific config for this... Add-Warning $result "invalid value $item specified in gather_subset" } } } [void] $gather_subset.ExceptWith($exclude_subset) [void] $gather_subset.UnionWith($explicit_subset) $ansible_facts = @{ gather_subset=@($gather_subset_source) module_setup=$true } $osversion = [Environment]::OSVersion if($gather_subset.Contains('all_ipv4_addresses') -or $gather_subset.Contains('all_ipv6_addresses')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration # TODO: split v4/v6 properly, return in separate keys $ips = @() Foreach ($ip in $netcfg.IPAddress) { If ($ip) { $ips += $ip } } $ansible_facts += @{ ansible_ip_addresses = $ips } } if($gather_subset.Contains('bios')) { $win32_bios = Get-LazyCimInstance Win32_Bios $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $ansible_facts += @{ ansible_bios_date = $win32_bios.ReleaseDate.ToString("MM/dd/yyyy") ansible_bios_version = $win32_bios.SMBIOSBIOSVersion ansible_product_name = $win32_cs.Model.Trim() ansible_product_serial = $win32_bios.SerialNumber # ansible_product_version = ([string] $win32_cs.SystemFamily) } } if($gather_subset.Contains('date_time')) { $datetime = (Get-Date) $datetime_utc = $datetime.ToUniversalTime() $date = @{ date = $datetime.ToString("yyyy-MM-dd") day = $datetime.ToString("dd") epoch = (Get-Date -UFormat "%s") hour = $datetime.ToString("HH") iso8601 = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ssZ") iso8601_basic = $datetime.ToString("yyyyMMddTHHmmssffffff") iso8601_basic_short = $datetime.ToString("yyyyMMddTHHmmss") iso8601_micro = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ss.ffffffZ") minute = $datetime.ToString("mm") month = $datetime.ToString("MM") second = $datetime.ToString("ss") time = $datetime.ToString("HH:mm:ss") tz = ([System.TimeZoneInfo]::Local.Id) tz_offset = $datetime.ToString("zzzz") # Ensure that the weekday is in English weekday = $datetime.ToString("dddd", [System.Globalization.CultureInfo]::InvariantCulture) weekday_number = (Get-Date -UFormat "%w") weeknumber = (Get-Date -UFormat "%W") year = $datetime.ToString("yyyy") } $ansible_facts += @{ ansible_date_time = $date } } if($gather_subset.Contains('distribution')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $product_type = switch($win32_os.ProductType) { 1 { "workstation" } 2 { "domain_controller" } 3 { "server" } default { "unknown" } } $ansible_facts += @{ ansible_distribution = $win32_os.Caption ansible_distribution_version = $osversion.Version.ToString() ansible_distribution_major_version = $osversion.Version.Major.ToString() ansible_os_family = "Windows" ansible_os_name = ($win32_os.Name.Split('|')[0]).Trim() ansible_os_product_type = $product_type } } if($gather_subset.Contains('env')) { $env_vars = @{ } foreach ($item in Get-ChildItem Env:) { $name = $item | select -ExpandProperty Name # Powershell ConvertTo-Json fails if string ends with \ $value = ($item | select -ExpandProperty Value).TrimEnd("\") $env_vars.Add($name, $value) } $ansible_facts += @{ ansible_env = $env_vars } } if($gather_subset.Contains('facter')) { # See if Facter is on the System Path Try { $facter_exe = Get-Command facter -ErrorAction Stop $facter_installed = $true } Catch { $facter_installed = $false } # Get JSON from Facter, and parse it out. if ($facter_installed) { &facter -j | Tee-Object -Variable facter_output | Out-Null $facts = "$facter_output" | ConvertFrom-Json ForEach($fact in $facts.PSObject.Properties) { $fact_name = $fact.Name $ansible_facts.Add("facter_$fact_name", $fact.Value) } } } if($gather_subset.Contains('interfaces')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration $ActiveNetcfg = @() $ActiveNetcfg += $netcfg | where {$_.ipaddress -ne $null} $namespaces = Get-LazyCimInstance __Namespace -namespace root if ($namespaces | Where-Object { $_.Name -eq "StandardCimv" }) { $net_adapters = Get-LazyCimInstance MSFT_NetAdapter -namespace Root\StandardCimv2 $guid_key = "InterfaceGUID" $name_key = "Name" } else { $net_adapters = Get-LazyCimInstance Win32_NetworkAdapter $guid_key = "GUID" $name_key = "NetConnectionID" } $formattednetcfg = @() foreach ($adapter in $ActiveNetcfg) { $thisadapter = @{ default_gateway = $null connection_name = $null dns_domain = $adapter.dnsdomain interface_index = $adapter.InterfaceIndex interface_name = $adapter.description macaddress = $adapter.macaddress } if ($adapter.defaultIPGateway) { $thisadapter.default_gateway = $adapter.DefaultIPGateway[0].ToString() } $net_adapter = $net_adapters | Where-Object { $_.$guid_key -eq $adapter.SettingID } if ($net_adapter) { $thisadapter.connection_name = $net_adapter.$name_key } $formattednetcfg += $thisadapter } $ansible_facts += @{ ansible_interfaces = $formattednetcfg } } if ($gather_subset.Contains("local") -and $factpath -ne $null) { # Get any custom facts; results are updated in the Get-CustomFacts -factpath $factpath } if($gather_subset.Contains('memory')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ # Win32_PhysicalMemory is empty on some virtual platforms ansible_memtotal_mb = ([math]::round($win32_cs.TotalPhysicalMemory / 1024 / 1024)) ansible_swaptotal_mb = ([math]::round($win32_os.TotalSwapSpaceSize / 1024 / 1024)) } } if($gather_subset.Contains('platform')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ip_props = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties() $ansible_facts += @{ ansible_architecture = $win32_os.OSArchitecture ansible_domain = $ip_props.DomainName ansible_fqdn = ($ip_props.Hostname + "." + $ip_props.DomainName) ansible_hostname = $env:COMPUTERNAME ansible_kernel = $osversion.Version.ToString() ansible_nodename = ($ip_props.HostName + "." + $ip_props.DomainName) ansible_machine_id = Get-MachineSid ansible_owner_contact = ([string] $win32_cs.PrimaryOwnerContact) ansible_owner_name = ([string] $win32_cs.PrimaryOwnerName) # FUTURE: should this live in its own subset? ansible_reboot_pending = (Get-PendingRebootStatus) ansible_system = $osversion.Platform.ToString() ansible_system_description = ([string] $win32_os.Description) ansible_system_vendor = $win32_cs.Manufacturer } } if($gather_subset.Contains('powershell_version')) { $ansible_facts += @{ ansible_powershell_version = ($PSVersionTable.PSVersion.Major) } } if($gather_subset.Contains('processor')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_cpu = Get-LazyCimInstance Win32_Processor if ($win32_cpu -is [array]) { # multi-socket, pick first $win32_cpu = $win32_cpu[0] } $cpu_list = @( ) for ($i=1; $i -le ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors); $i++) { $cpu_list += $win32_cpu.Manufacturer $cpu_list += $win32_cpu.Name } $ansible_facts += @{ ansible_processor = $cpu_list ansible_processor_cores = $win32_cpu.NumberOfCores ansible_processor_count = $win32_cs.NumberOfProcessors ansible_processor_threads_per_core = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors / $win32_cpu.NumberOfCores) ansible_processor_vcpus = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors) } } if($gather_subset.Contains('uptime')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ ansible_lastboot = $win32_os.lastbootuptime.ToString("u") ansible_uptime_seconds = $([System.Convert]::ToInt64($(Get-Date).Subtract($win32_os.lastbootuptime).TotalSeconds)) } } if($gather_subset.Contains('user')) { $user = [Security.Principal.WindowsIdentity]::GetCurrent() $ansible_facts += @{ ansible_user_dir = $env:userprofile # Win32_UserAccount.FullName is probably the right thing here, but it can be expensive to get on large domains ansible_user_gecos = "" ansible_user_id = $env:username ansible_user_sid = $user.User.Value } } if($gather_subset.Contains('windows_domain')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $domain_roles = @{ 0 = "Stand-alone workstation" 1 = "Member workstation" 2 = "Stand-alone server" 3 = "Member server" 4 = "Backup domain controller" 5 = "Primary domain controller" } $domain_role = $domain_roles.Get_Item([Int32]$win32_cs.DomainRole) $ansible_facts += @{ ansible_windows_domain = $win32_cs.Domain ansible_windows_domain_member = $win32_cs.PartOfDomain ansible_windows_domain_role = $domain_role } } if($gather_subset.Contains('winrm')) { $winrm_https_listener_parent_paths = Get-ChildItem -Path WSMan:\localhost\Listener -Recurse | Where-Object {$_.PSChildName -eq "Transport" -and $_.Value -eq "HTTPS"} | select PSParentPath if ($winrm_https_listener_parent_paths -isnot [array]) { $winrm_https_listener_parent_paths = @($winrm_https_listener_parent_paths) } $winrm_https_listener_paths = @() foreach ($winrm_https_listener_parent_path in $winrm_https_listener_parent_paths) { $winrm_https_listener_paths += $winrm_https_listener_parent_path.PSParentPath.Substring($winrm_https_listener_parent_path.PSParentPath.LastIndexOf("\")) } $https_listeners = @() foreach ($winrm_https_listener_path in $winrm_https_listener_paths) { $https_listeners += Get-ChildItem -Path "WSMan:\localhost\Listener$winrm_https_listener_path" } $winrm_cert_thumbprints = @() foreach ($https_listener in $https_listeners) { $winrm_cert_thumbprints += $https_listener | where {$_.Name -EQ "CertificateThumbprint" } | select Value } $winrm_cert_expiry = @() foreach ($winrm_cert_thumbprint in $winrm_cert_thumbprints) { Try { $winrm_cert_expiry += Get-ChildItem -Path Cert:\LocalMachine\My | where Thumbprint -EQ $winrm_cert_thumbprint.Value.ToString().ToUpper() | select NotAfter } Catch {} } $winrm_cert_expirations = $winrm_cert_expiry | Sort-Object NotAfter if ($winrm_cert_expirations) { # this fact was renamed from ansible_winrm_certificate_expires due to collision with ansible_winrm_X connection var pattern $ansible_facts.Add("ansible_win_rm_certificate_expires", $winrm_cert_expirations[0].NotAfter.ToString("yyyy-MM-dd HH:mm:ss")) } } $result.ansible_facts += $ansible_facts Exit-Json $result ScriptBlock ID: 9d02a36d-c073-4e0b-bcfa-8c90c4fbd060 Path:	4104	1		3	2	15	0	1697	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3824	3636	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:05 PM	fe3d87aa-a761-0003-cd88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: ece37cc2-3b44-40fa-adc5-6c100cb3024d Path:	4104	1		3	2	15	0	1696	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3824	3884	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:05 PM	fe3d87aa-a761-0003-cb88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: e38dd0c5-a488-40ce-b63a-8bb8b03cdd2b Path:	4104	1		3	2	15	0	1695	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3824	3884	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:04 PM	fe3d87aa-a761-0003-bc88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): vcm1hdHRlZG5ldGNmZwogICAgfQp9CgppZiAoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoImxvY2FsIikgLWFuZCAkZmFjdHBhdGggLW5lICRudWxsKSB7CiAgICAjIEdldCBhbnkgY3VzdG9tIGZhY3RzOyByZXN1bHRzIGFyZSB1cGRhdGVkIGluIHRoZQogICAgR2V0LUN1c3RvbUZhY3RzIC1mYWN0cGF0aCAkZmFjdHBhdGgKfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ21lbW9yeScpKSB7CiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkd2luMzJfb3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX09wZXJhdGluZ1N5c3RlbQogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICAjIFdpbjMyX1BoeXNpY2FsTWVtb3J5IGlzIGVtcHR5IG9uIHNvbWUgdmlydHVhbCBwbGF0Zm9ybXMKICAgICAgICBhbnNpYmxlX21lbXRvdGFsX21iID0gKFttYXRoXTo6cm91bmQoJHdpbjMyX2NzLlRvdGFsUGh5c2ljYWxNZW1vcnkgLyAxMDI0IC8gMTAyNCkpCiAgICAgICAgYW5zaWJsZV9zd2FwdG90YWxfbWIgPSAoW21hdGhdOjpyb3VuZCgkd2luMzJfb3MuVG90YWxTd2FwU3BhY2VTaXplIC8gMTAyNCAvIDEwMjQpKQogICAgfQp9CgoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3BsYXRmb3JtJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkaXBfcHJvcHMgPSBbU3lzdGVtLk5ldC5OZXR3b3JrSW5mb3JtYXRpb24uSVBHbG9iYWxQcm9wZXJ0aWVzXTo6R2V0SVBHbG9iYWxQcm9wZXJ0aWVzKCkKCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYXJjaGl0ZWN0dXJlID0gJHdpbjMyX29zLk9TQXJjaGl0ZWN0dXJlCiAgICAgICAgYW5zaWJsZV9kb21haW4gPSAkaXBfcHJvcHMuRG9tYWluTmFtZQogICAgICAgIGFuc2libGVfZnFkbiA9ICgkaXBfcHJvcHMuSG9zdG5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX2hvc3RuYW1lID0gJGVudjpDT01QVVRFUk5BTUUKICAgICAgICBhbnNpYmxlX2tlcm5lbCA9ICRvc3ZlcnNpb24uVmVyc2lvbi5Ub1N0cmluZygpCiAgICAgICAgYW5zaWJsZV9ub2RlbmFtZSA9ICgkaXBfcHJvcHMuSG9zdE5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX21hY2hpbmVfaWQgPSBHZXQtTWFjaGluZVNpZAogICAgICAgIGFuc2libGVfb3duZXJfY29udGFjdCA9IChbc3RyaW5nXSAkd2luMzJfY3MuUHJpbWFyeU93bmVyQ29udGFjdCkKICAgICAgICBhbnNpYmxlX293bmVyX25hbWUgPSAoW3N0cmluZ10gJHdpbjMyX2NzLlByaW1hcnlPd25lck5hbWUpCiAgICAgICAgIyBGVVRVUkU6IHNob3VsZCB0aGlzIGxpdmUgaW4gaXRzIG93biBzdWJzZXQ/CiAgICAgICAgYW5zaWJsZV9yZWJvb3RfcGVuZGluZyA9IChHZXQtUGVuZGluZ1JlYm9vdFN0YXR1cykKICAgICAgICBhbnNpYmxlX3N5c3RlbSA9ICRvc3ZlcnNpb24uUGxhdGZvcm0uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfc3lzdGVtX2Rlc2NyaXB0aW9uID0gKFtzdHJpbmddICR3aW4zMl9vcy5EZXNjcmlwdGlvbikKICAgICAgICBhbnNpYmxlX3N5c3RlbV92ZW5kb3IgPSAkd2luMzJfY3MuTWFudWZhY3R1cmVyCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdwb3dlcnNoZWxsX3ZlcnNpb24nKSkgewogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX3Bvd2Vyc2hlbGxfdmVyc2lvbiA9ICgkUFNWZXJzaW9uVGFibGUuUFNWZXJzaW9uLk1ham9yKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygncHJvY2Vzc29yJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9jcHUgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX1Byb2Nlc3NvcgogICAgaWYgKCR3aW4zMl9jcHUgLWlzIFthcnJheV0pIHsKICAgICAgICAjIG11bHRpLXNvY2tldCwgcGljayBmaXJzdAogICAgICAgICR3aW4zMl9jcHUgPSAkd2luMzJfY3B1WzBdCiAgICB9CgogICAgJGNwdV9saXN0ID0gQCggKQogICAgZm9yICgkaT0xOyAkaSAtbGUgKCR3aW4zMl9jcHUuTnVtYmVyT2ZMb2dpY2FsUHJvY2Vzc29ycyAvICR3aW4zMl9jcy5OdW1iZXJPZlByb2Nlc3NvcnMpOyAkaSsrKSB7CiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTWFudWZhY3R1cmVyCiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTmFtZQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9wcm9jZXNzb3IgPSAkY3B1X2xpc3QKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl9jb3JlcyA9ICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX2NvdW50ID0gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX3RocmVhZHNfcGVyX2NvcmUgPSAoJHdpbjMyX2NwdS5OdW1iZXJPZkxvZ2ljYWxQcm9jZXNzb3JzIC8gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycyAvICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcykKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl92Y3B1cyA9ICgkd2luMzJfY3B1Lk51bWJlck9mTG9naWNhbFByb2Nlc3NvcnMgLyAkd2luMzJfY3MuTnVtYmVyT2ZQcm9jZXNzb3JzKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXB0aW1lJykpIHsKICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfbGFzdGJvb3QgPSAkd2luMzJfb3MubGFzdGJvb3R1cHRpbWUuVG9TdHJpbmcoInUiKQogICAgICAgIGFuc2libGVfdXB0aW1lX3NlY29uZHMgPSAkKFtTeXN0ZW0uQ29udmVydF06OlRvSW50NjQoJChHZXQtRGF0ZSkuU3VidHJhY3QoJHdpbjMyX29zLmxhc3Rib290dXB0aW1lKS5Ub3RhbFNlY29uZHMpKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXNlcicpKSB7CiAgICAkdXNlciA9IFtTZWN1cml0eS5QcmluY2lwYWwuV2luZG93c0lkZW50aXR5XTo6R2V0Q3VycmVudCgpCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfdXNlcl9kaXIgPSAkZW52OnVzZXJwcm9maWxlCiAgICAgICAgIyBXaW4zMl9Vc2VyQWNjb3VudC5GdWxsTmFtZSBpcyBwcm9iYWJseSB0aGUgcmlnaHQgdGhpbmcgaGVyZSwgYnV0IGl0IGNhbiBiZSBleHBlbnNpdmUgdG8gZ2V0IG9uIGxhcmdlIGRvbWFpbnMKICAgICAgICBhbnNpYmxlX3VzZXJfZ2Vjb3MgPSAiIgogICAgICAgIGFuc2libGVfdXNlcl9pZCA9ICRlbnY6dXNlcm5hbWUKICAgICAgICBhbnNpYmxlX3VzZXJfc2lkID0gJHVzZXIuVXNlci5WYWx1ZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnd2luZG93c19kb21haW4nKSkgewogICAgJHdpbjMyX2NzID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9Db21wdXRlclN5c3RlbQogICAgJGRvbWFpbl9yb2xlcyA9IEB7CiAgICAgICAgMCA9ICJTdGFuZC1hbG9uZSB3b3Jrc3RhdGlvbiIKICAgICAgICAxID0gIk1lbWJlciB3b3Jrc3RhdGlvbiIKICAgICAgICAyID0gIlN0YW5kLWFsb25lIHNlcnZlciIKICAgICAgICAzID0gIk1lbWJlciBzZXJ2ZXIiCiAgICAgICAgNCA9ICJCYWNrdXAgZG9tYWluIGNvbnRyb2xsZXIiCiAgICAgICAgNSA9ICJQcmltYXJ5IGRvbWFpbiBjb250cm9sbGVyIgogICAgfQoKICAgICRkb21haW5fcm9sZSA9ICRkb21haW5fcm9sZXMuR2V0X0l0ZW0oW0ludDMyXSR3aW4zMl9jcy5Eb21haW5Sb2xlKQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV93aW5kb3dzX2RvbWFpbiA9ICR3aW4zMl9jcy5Eb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX21lbWJlciA9ICR3aW4zMl9jcy5QYXJ0T2ZEb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX3JvbGUgPSAkZG9tYWluX3JvbGUKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3dpbnJtJykpIHsKCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCBXU01hbjpcbG9jYWxob3N0XExpc3RlbmVyIC1SZWN1cnNlIHwgV2hlcmUtT2JqZWN0IHskXy5QU0NoaWxkTmFtZSAtZXEgIlRyYW5zcG9ydCIgLWFuZCAkXy5WYWx1ZSAtZXEgIkhUVFBTIn0gfCBzZWxlY3QgUFNQYXJlbnRQYXRoCiAgICBpZiAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyAtaXNub3QgW2FycmF5XSkgewogICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyA9IEAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocykKICAgIH0KCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMgPSBAKCkKICAgIGZvcmVhY2ggKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzKSB7CiAgICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhdGhzICs9ICR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguU3Vic3RyaW5nKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguTGFzdEluZGV4T2YoIlwiKSkKICAgIH0KCiAgICAkaHR0cHNfbGlzdGVuZXJzID0gQCgpCiAgICBmb3JlYWNoICgkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMpIHsKICAgICAgICAkaHR0cHNfbGlzdGVuZXJzICs9IEdldC1DaGlsZEl0ZW0gLVBhdGggIldTTWFuOlxsb2NhbGhvc3RcTGlzdGVuZXIkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCIKICAgIH0KCiAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyA9IEAoKQogICAgZm9yZWFjaCAoJGh0dHBzX2xpc3RlbmVyIGluICRodHRwc19saXN0ZW5lcnMpIHsKICAgICAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyArPSAkaHR0cHNfbGlzdGVuZXIgfCB3aGVyZSB7JF8uTmFtZSAtRVEgIkNlcnRpZmljYXRlVGh1bWJwcmludCIgfSB8IHNlbGVjdCBWYWx1ZQogICAgfQoKICAgICR3aW5ybV9jZXJ0X2V4cGlyeSA9IEAoKQogICAgZm9yZWFjaCAoJHdpbnJtX2NlcnRfdGh1bWJwcmludCBpbiAkd2lucm1fY2VydF90aHVtYnByaW50cykgewogICAgICAgIFRyeSB7CiAgICAgICAgICAgICR3aW5ybV9jZXJ0X2V4cGlyeSArPSBHZXQtQ2hpbGRJdGVtIC1QYXRoIENlcnQ6XExvY2FsTWFjaGluZVxNeSB8IHdoZXJlIFRodW1icHJpbnQgLUVRICR3aW5ybV9jZXJ0X3RodW1icHJpbnQuVmFsdWUuVG9TdHJpbmcoKS5Ub1VwcGVyKCkgfCBzZWxlY3QgTm90QWZ0ZXIKICAgICAgICB9IENhdGNoIHt9CiAgICB9CgogICAgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnMgPSAkd2lucm1fY2VydF9leHBpcnkgfCBTb3J0LU9iamVjdCBOb3RBZnRlcgogICAgaWYgKCR3aW5ybV9jZXJ0X2V4cGlyYXRpb25zKSB7CiAgICAgICAgIyB0aGlzIGZhY3Qgd2FzIHJlbmFtZWQgZnJvbSBhbnNpYmxlX3dpbnJtX2NlcnRpZmljYXRlX2V4cGlyZXMgZHVlIHRvIGNvbGxpc2lvbiB3aXRoIGFuc2libGVfd2lucm1fWCBjb25uZWN0aW9uIHZhciBwYXR0ZXJuCiAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlX3dpbl9ybV9jZXJ0aWZpY2F0ZV9leHBpcmVzIiwgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnNbMF0uTm90QWZ0ZXIuVG9TdHJpbmcoInl5eXktTU0tZGQgSEg6bW06c3MiKSkKICAgIH0KfQoKJHJlc3VsdC5hbnNpYmxlX2ZhY3RzICs9ICRhbnNpYmxlX2ZhY3RzCgpFeGl0LUpzb24gJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "gather_timeout": 10, "_ansible_module_name": "setup", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "gather_subset": ["all"], "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: d2c5ae44-8cc3-469d-92f1-58405a5c7e76 Path:	4104	1		3	2	15	0	1694	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3824	3884	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:04 PM	fe3d87aa-a761-0002-ba88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): b2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTgsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCkZ1bmN0aW9uIEdldC1DdXN0b21GYWN0cyB7CiAgW2NtZGxldEJpbmRpbmcoKV0KICBwYXJhbSAoCiAgICBbUGFyYW1ldGVyKG1hbmRhdG9yeT0kZmFsc2UpXQogICAgJGZhY3RwYXRoID0gJG51bGwKICApCgogIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGZhY3RwYXRoKSkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBwYXRoICRmYWN0cGF0aCBkb2VzIG5vdCBleGlzdC4gVHlwbz8iCiAgfQoKICAkRmFjdHNGaWxlcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJGZhY3RwYXRoIHwgV2hlcmUtT2JqZWN0IC1GaWx0ZXJTY3JpcHQgeygkUFNJdGVtLlBTSXNDb250YWluZXIgLWVxICRmYWxzZSkgLWFuZCAoJFBTSXRlbS5FeHRlbnNpb24gLWVxICcucHMxJyl9CgogIGZvcmVhY2ggKCRGYWN0c0ZpbGUgaW4gJEZhY3RzRmlsZXMpIHsKICAgICAgJG91dCA9ICYgJCgkRmFjdHNGaWxlLkZ1bGxOYW1lKQogICAgICAkcmVzdWx0LmFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlXyQoKCRGYWN0c0ZpbGUuTmFtZSkuU3BsaXQoJy4nKVswXSkiLCAkb3V0KQogIH0KfQoKRnVuY3Rpb24gR2V0LU1hY2hpbmVTaWQgewogICAgIyBUaGUgTWFjaGluZSBTSUQgaXMgc3RvcmVkIGluIEhLTE06XFNFQ1VSSVRZXFNBTVxEb21haW5zXEFjY291bnQgYW5kIGlzCiAgICAjIG9ubHkgYWNjZXNzaWJsZSBieSB0aGUgTG9jYWwgU3lzdGVtIGFjY291bnQuIFRoaXMgbWV0aG9kIGdldCdzIHRoZSBsb2NhbAogICAgIyBhZG1pbiBhY2NvdW50IChlbmRzIHdpdGggLTUwMCkgYW5kIGxvcHMgaXQgb2ZmIHRvIGdldCB0aGUgbWFjaGluZSBzaWQuCgogICAgJGFkbWluc19zaWQgPSAiUy0xLTUtMzItNTQ0IgogICAgJGFkbWluX2dyb3VwID0gKFtTZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyXSRhZG1pbnNfc2lkKS5UcmFuc2xhdGUoW1NlY3VyaXR5LlByaW5jaXBhbC5OVEFjY291bnRdKS5WYWx1ZSAKCiAgICBBZGQtVHlwZSAtQXNzZW1ibHlOYW1lIFN5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudAogICAgJHByaW5jaXBhbF9jb250ZXh0ID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbENvbnRleHQoW1N5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudC5Db250ZXh0VHlwZV06Ok1hY2hpbmUpCiAgICAkZ3JvdXBfcHJpbmNpcGFsID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50Lkdyb3VwUHJpbmNpcGFsKCRwcmluY2lwYWxfY29udGV4dCwgJGFkbWluX2dyb3VwKQogICAgJHNlYXJjaGVyID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbFNlYXJjaGVyKCRncm91cF9wcmluY2lwYWwpCiAgICAkZ3JvdXBzID0gJHNlYXJjaGVyLkZpbmRPbmUoKQoKICAgICRtYWNoaW5lX3NpZCA9ICRudWxsCiAgICBmb3JlYWNoICgkdXNlciBpbiAkZ3JvdXBzLk1lbWJlcnMpIHsKICAgICAgICAkdXNlcl9zaWQgPSAkdXNlci5TaWQKICAgICAgICBpZiAoJHVzZXJfc2lkLlZhbHVlLkVuZHNXaXRoKCItNTAwIikpIHsKICAgICAgICAgICAgJG1hY2hpbmVfc2lkID0gJHVzZXJfc2lkLkFjY291bnREb21haW5TaWQuVmFsdWUKICAgICAgICAgICAgYnJlYWsKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICRtYWNoaW5lX3NpZAp9CgokY2ltX2luc3RhbmNlcyA9IEB7fQoKRnVuY3Rpb24gR2V0LUxhenlDaW1JbnN0YW5jZShbc3RyaW5nXSRpbnN0YW5jZV9uYW1lLCBbc3RyaW5nXSRuYW1lc3BhY2U9IlJvb3RcQ0lNVjIiKSB7CiAgICBpZigtbm90ICRjaW1faW5zdGFuY2VzLkNvbnRhaW5zS2V5KCRpbnN0YW5jZV9uYW1lKSkgewogICAgICAgICRjaW1faW5zdGFuY2VzWyRpbnN0YW5jZV9uYW1lXSA9ICQoR2V0LUNpbUluc3RhbmNlIC1OYW1lc3BhY2UgJG5hbWVzcGFjZSAtQ2xhc3NOYW1lICRpbnN0YW5jZV9uYW1lKQogICAgfQoKICAgIHJldHVybiAkY2ltX2luc3RhbmNlc1skaW5zdGFuY2VfbmFtZV0KfQoKJHJlc3VsdCA9IEB7CiAgICBhbnNpYmxlX2ZhY3RzID0gQHsgfQogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgokZ3JvdXBlZF9zdWJzZXRzID0gQHsKICAgIG1pbj1bU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuTGlzdFtzdHJpbmddXUAoJ2RhdGVfdGltZScsJ2Rpc3RyaWJ1dGlvbicsJ2RucycsJ2VudicsJ2xvY2FsJywncGxhdGZvcm0nLCdwb3dlcnNoZWxsX3ZlcnNpb24nLCd1c2VyJykKICAgIG5ldHdvcms9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdhbGxfaXB2NF9hZGRyZXNzZXMnLCdhbGxfaXB2Nl9hZGRyZXNzZXMnLCdpbnRlcmZhY2VzJywnd2luZG93c19kb21haW4nLCAnd2lucm0nKQogICAgaGFyZHdhcmU9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdiaW9zJywnbWVtb3J5JywncHJvY2Vzc29yJywndXB0aW1lJykKICAgIGV4dGVybmFsPVtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dQCgnZmFjdGVyJykKfQoKIyBidWlsZCAiYWxsIiBzZXQgZnJvbSBldmVyeXRoaW5nIG1lbnRpb25lZCBpbiB0aGUgZ3JvdXAtIHRoaXMgbWVhbnMgZXZlcnkgdmFsdWUgbXVzdCBiZSBpbiBhdCBsZWFzdCBvbmUgc3Vic2V0IHRvIGJlIGNvbnNpZGVyZWQgbGVnYWwKJGFsbF9zZXQgPSBbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSGFzaFNldFtzdHJpbmddXUAoKQoKZm9yZWFjaCgka3YgaW4gJGdyb3VwZWRfc3Vic2V0cy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgIFt2b2lkXSAkYWxsX3NldC5VbmlvbldpdGgoJGt2LlZhbHVlKQp9CgojIGR5bmFtaWNhbGx5IGNyZWF0ZSBhbiAiYWxsIiBzdWJzZXQgbm93IHRoYXQgd2Uga25vdyB3aGF0IHNob3VsZCBiZSBpbiBpdAokZ3JvdXBlZF9zdWJzZXRzWydhbGwnXSA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dJGFsbF9zZXQKCiMgc3RhcnQgd2l0aCBhbGwsIGJ1aWxkIHVwIGdhdGhlciBhbmQgZXhjbHVkZSBzdWJzZXRzCiRnYXRoZXJfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV0kZ3JvdXBlZF9zdWJzZXRzLmFsbAokZXhwbGljaXRfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKJGV4Y2x1ZGVfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRmYWN0cGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmYWN0X3BhdGgiIC10eXBlICJwYXRoIgokZ2F0aGVyX3N1YnNldF9zb3VyY2UgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2F0aGVyX3N1YnNldCIgLXR5cGUgImxpc3QiIC1kZWZhdWx0ICJhbGwiCgpmb3JlYWNoKCRpdGVtIGluICRnYXRoZXJfc3Vic2V0X3NvdXJjZSkgewogICAgaWYoKFtzdHJpbmddJGl0ZW0pLlN0YXJ0c1dpdGgoIiEiKSkgewogICAgICAgICRpdGVtID0gKFtzdHJpbmddJGl0ZW0pLlN1YnN0cmluZygxKQogICAgICAgIGlmKCRpdGVtIC1lcSAiYWxsIikgewogICAgICAgICAgICAkYWxsX21pbnVzX21pbiA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5IYXNoU2V0W3N0cmluZ11dQCgkYWxsX3NldCkKICAgICAgICAgICAgW3ZvaWRdICRhbGxfbWludXNfbWluLkV4Y2VwdFdpdGgoJGdyb3VwZWRfc3Vic2V0cy5taW4pCiAgICAgICAgICAgIFt2b2lkXSAkZXhjbHVkZV9zdWJzZXQuVW5pb25XaXRoKCRhbGxfbWludXNfbWluKQogICAgICAgIH0KICAgICAgICBlbHNlaWYoJGdyb3VwZWRfc3Vic2V0cy5Db250YWluc0tleSgkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5VbmlvbldpdGgoJGdyb3VwZWRfc3Vic2V0c1skaXRlbV0pCiAgICAgICAgfQogICAgICAgIGVsc2VpZigkYWxsX3NldC5Db250YWlucygkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgICMgTkI6IGludmFsaWQgZXhjbHVkZSB2YWx1ZXMgYXJlIGlnbm9yZWQsIHNpbmNlIHRoYXQncyB3aGF0IHBvc2l4IHNldHVwIGRvZXMKICAgIH0KICAgIGVsc2UgewogICAgICAgIGlmKCRncm91cGVkX3N1YnNldHMuQ29udGFpbnNLZXkoJGl0ZW0pKSB7CiAgICAgICAgICAgIFt2b2lkXSAkZXhwbGljaXRfc3Vic2V0LlVuaW9uV2l0aCgkZ3JvdXBlZF9zdWJzZXRzWyRpdGVtXSkKICAgICAgICB9CiAgICAgICAgZWxzZWlmKCRhbGxfc2V0LkNvbnRhaW5zKCRpdGVtKSkgewogICAgICAgICAgICBbdm9pZF0gJGV4cGxpY2l0X3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgIGVsc2UgewogICAgICAgICAgICAjIE5COiBQT1NJWCBzZXR1cCBmYWlscyBvbiBpbnZhbGlkIHZhbHVlOyB3ZSB3YXJuLCBiZWNhdXNlIHdlIGRvbid0IGltcGxlbWVudCB0aGUgc2FtZSBzZXQgYXMgUE9TSVgKICAgICAgICAgICAgIyBhbmQgd2UgZG9uJ3QgaGF2ZSBwbGF0Zm9ybS1zcGVjaWZpYyBjb25maWcgZm9yIHRoaXMuLi4KICAgICAgICAgICAgQWRkLVdhcm5pbmcgJHJlc3VsdCAiaW52YWxpZCB2YWx1ZSAkaXRlbSBzcGVjaWZpZWQgaW4gZ2F0aGVyX3N1YnNldCIKICAgICAgICB9CiAgICB9Cn0KClt2b2lkXSAkZ2F0aGVyX3N1YnNldC5FeGNlcHRXaXRoKCRleGNsdWRlX3N1YnNldCkKW3ZvaWRdICRnYXRoZXJfc3Vic2V0LlVuaW9uV2l0aCgkZXhwbGljaXRfc3Vic2V0KQoKJGFuc2libGVfZmFjdHMgPSBAewogICAgZ2F0aGVyX3N1YnNldD1AKCRnYXRoZXJfc3Vic2V0X3NvdXJjZSkKICAgIG1vZHVsZV9zZXR1cD0kdHJ1ZQp9Cgokb3N2ZXJzaW9uID0gW0Vudmlyb25tZW50XTo6T1NWZXJzaW9uCgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnYWxsX2lwdjRfYWRkcmVzc2VzJykgLW9yICRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdhbGxfaXB2Nl9hZGRyZXNzZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAKICAgICMgVE9ETzogc3BsaXQgdjQvdjYgcHJvcGVybHksIHJldHVybiBpbiBzZXBhcmF0ZSBrZXlzCiAgICAkaXBzID0gQCgpCiAgICBGb3JlYWNoICgkaXAgaW4gJG5ldGNmZy5JUEFkZHJlc3MpIHsKICAgICAgICBJZiAoJGlwKSB7CiAgICAgICAgICAgICRpcHMgKz0gJGlwCiAgICAgICAgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pcF9hZGRyZXNzZXMgPSAkaXBzCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdiaW9zJykpIHsKICAgICR3aW4zMl9iaW9zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9CaW9zCiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYmlvc19kYXRlID0gJHdpbjMyX2Jpb3MuUmVsZWFzZURhdGUuVG9TdHJpbmcoIk1NL2RkL3l5eXkiKQogICAgICAgIGFuc2libGVfYmlvc192ZXJzaW9uID0gJHdpbjMyX2Jpb3MuU01CSU9TQklPU1ZlcnNpb24KICAgICAgICBhbnNpYmxlX3Byb2R1Y3RfbmFtZSA9ICR3aW4zMl9jcy5Nb2RlbC5UcmltKCkKICAgICAgICBhbnNpYmxlX3Byb2R1Y3Rfc2VyaWFsID0gJHdpbjMyX2Jpb3MuU2VyaWFsTnVtYmVyCiAgICAgICAgIyBhbnNpYmxlX3Byb2R1Y3RfdmVyc2lvbiA9IChbc3RyaW5nXSAkd2luMzJfY3MuU3lzdGVtRmFtaWx5KQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZGF0ZV90aW1lJykpIHsKICAgICRkYXRldGltZSA9IChHZXQtRGF0ZSkKICAgICRkYXRldGltZV91dGMgPSAkZGF0ZXRpbWUuVG9Vbml2ZXJzYWxUaW1lKCkKICAgICRkYXRlID0gQHsKICAgICAgICBkYXRlID0gJGRhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIikKICAgICAgICBkYXkgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoImRkIikKICAgICAgICBlcG9jaCA9IChHZXQtRGF0ZSAtVUZvcm1hdCAiJXMiKQogICAgICAgIGhvdXIgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIIikKICAgICAgICBpc284NjAxID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzc1oiKQogICAgICAgIGlzbzg2MDFfYmFzaWMgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXlNTWRkVEhIbW1zc2ZmZmZmZiIpCiAgICAgICAgaXNvODYwMV9iYXNpY19zaG9ydCA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eU1NZGRUSEhtbXNzIikKICAgICAgICBpc284NjAxX21pY3JvID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzcy5mZmZmZmZaIikKICAgICAgICBtaW51dGUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIm1tIikKICAgICAgICBtb250aCA9ICRkYXRldGltZS5Ub1N0cmluZygiTU0iKQogICAgICAgIHNlY29uZCA9ICRkYXRldGltZS5Ub1N0cmluZygic3MiKQogICAgICAgIHRpbWUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIOm1tOnNzIikKICAgICAgICB0eiA9IChbU3lzdGVtLlRpbWVab25lSW5mb106OkxvY2FsLklkKQogICAgICAgIHR6X29mZnNldCA9ICRkYXRldGltZS5Ub1N0cmluZygienp6eiIpCiAgICAgICAgIyBFbnN1cmUgdGhhdCB0aGUgd2Vla2RheSBpcyBpbiBFbmdsaXNoCiAgICAgICAgd2Vla2RheSA9ICRkYXRldGltZS5Ub1N0cmluZygiZGRkZCIsIFtTeXN0ZW0uR2xvYmFsaXphdGlvbi5DdWx0dXJlSW5mb106OkludmFyaWFudEN1bHR1cmUpCiAgICAgICAgd2Vla2RheV9udW1iZXIgPSAoR2V0LURhdGUgLVVGb3JtYXQgIiV3IikKICAgICAgICB3ZWVrbnVtYmVyID0gKEdldC1EYXRlIC1VRm9ybWF0ICIlVyIpCiAgICAgICAgeWVhciA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eSIpCiAgICB9CgogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX2RhdGVfdGltZSA9ICRkYXRlCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdkaXN0cmlidXRpb24nKSkgewogICAgJHdpbjMyX29zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9PcGVyYXRpbmdTeXN0ZW0KICAgICRwcm9kdWN0X3R5cGUgPSBzd2l0Y2goJHdpbjMyX29zLlByb2R1Y3RUeXBlKSB7CiAgICAgICAgMSB7ICJ3b3Jrc3RhdGlvbiIgfQogICAgICAgIDIgeyAiZG9tYWluX2NvbnRyb2xsZXIiIH0KICAgICAgICAzIHsgInNlcnZlciIgfQogICAgICAgIGRlZmF1bHQgeyAidW5rbm93biIgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9kaXN0cmlidXRpb24gPSAkd2luMzJfb3MuQ2FwdGlvbgogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX21ham9yX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uTWFqb3IuVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfb3NfZmFtaWx5ID0gIldpbmRvd3MiCiAgICAgICAgYW5zaWJsZV9vc19uYW1lID0gKCR3aW4zMl9vcy5OYW1lLlNwbGl0KCd8JylbMF0pLlRyaW0oKQogICAgICAgIGFuc2libGVfb3NfcHJvZHVjdF90eXBlID0gJHByb2R1Y3RfdHlwZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZW52JykpIHsKICAgICRlbnZfdmFycyA9IEB7IH0KICAgIGZvcmVhY2ggKCRpdGVtIGluIEdldC1DaGlsZEl0ZW0gRW52OikgewogICAgICAgICRuYW1lID0gJGl0ZW0gfCBzZWxlY3QgLUV4cGFuZFByb3BlcnR5IE5hbWUKICAgICAgICAjIFBvd2Vyc2hlbGwgQ29udmVydFRvLUpzb24gZmFpbHMgaWYgc3RyaW5nIGVuZHMgd2l0aCBcCiAgICAgICAgJHZhbHVlID0gKCRpdGVtIHwgc2VsZWN0IC1FeHBhbmRQcm9wZXJ0eSBWYWx1ZSkuVHJpbUVuZCgiXCIpCiAgICAgICAgJGVudl92YXJzLkFkZCgkbmFtZSwgJHZhbHVlKQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9lbnYgPSAkZW52X3ZhcnMKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ZhY3RlcicpKSB7CiAgICAjIFNlZSBpZiBGYWN0ZXIgaXMgb24gdGhlIFN5c3RlbSBQYXRoCiAgICBUcnkgewogICAgICAgICRmYWN0ZXJfZXhlID0gR2V0LUNvbW1hbmQgZmFjdGVyIC1FcnJvckFjdGlvbiBTdG9wCiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkdHJ1ZQogICAgfSBDYXRjaCB7CiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkZmFsc2UKICAgIH0KCiAgICAjIEdldCBKU09OIGZyb20gRmFjdGVyLCBhbmQgcGFyc2UgaXQgb3V0LgogICAgaWYgKCRmYWN0ZXJfaW5zdGFsbGVkKSB7CiAgICAgICAgJmZhY3RlciAtaiB8IFRlZS1PYmplY3QgIC1WYXJpYWJsZSBmYWN0ZXJfb3V0cHV0IHwgT3V0LU51bGwKICAgICAgICAkZmFjdHMgPSAiJGZhY3Rlcl9vdXRwdXQiIHwgQ29udmVydEZyb20tSnNvbgogICAgICAgIEZvckVhY2goJGZhY3QgaW4gJGZhY3RzLlBTT2JqZWN0LlByb3BlcnRpZXMpIHsKICAgICAgICAgICAgJGZhY3RfbmFtZSA9ICRmYWN0Lk5hbWUKICAgICAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJmYWN0ZXJfJGZhY3RfbmFtZSIsICRmYWN0LlZhbHVlKQogICAgICAgIH0KICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ludGVyZmFjZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAkQWN0aXZlTmV0Y2ZnID0gQCgpCiAgICAkQWN0aXZlTmV0Y2ZnICs9ICRuZXRjZmcgfCB3aGVyZSB7JF8uaXBhZGRyZXNzIC1uZSAkbnVsbH0KCiAgICAkbmFtZXNwYWNlcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgX19OYW1lc3BhY2UgLW5hbWVzcGFjZSByb290CiAgICBpZiAoJG5hbWVzcGFjZXMgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAiU3RhbmRhcmRDaW12IiB9KSB7CiAgICAgICAgJG5ldF9hZGFwdGVycyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgTVNGVF9OZXRBZGFwdGVyIC1uYW1lc3BhY2UgUm9vdFxTdGFuZGFyZENpbXYyCiAgICAgICAgJGd1aWRfa2V5ID0gIkludGVyZmFjZUdVSUQiCiAgICAgICAgJG5hbWVfa2V5ID0gIk5hbWUiCiAgICB9IGVsc2UgewogICAgICAgICRuZXRfYWRhcHRlcnMgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX05ldHdvcmtBZGFwdGVyICAgICAgICAKICAgICAgICAkZ3VpZF9rZXkgPSAiR1VJRCIKICAgICAgICAkbmFtZV9rZXkgPSAiTmV0Q29ubmVjdGlvbklEIgogICAgfQoKICAgICRmb3JtYXR0ZWRuZXRjZmcgPSBAKCkKICAgIGZvcmVhY2ggKCRhZGFwdGVyIGluICRBY3RpdmVOZXRjZmcpCiAgICB7CiAgICAgICAgJHRoaXNhZGFwdGVyID0gQHsKICAgICAgICAgICAgZGVmYXVsdF9nYXRld2F5ID0gJG51bGwKICAgICAgICAgICAgY29ubmVjdGlvbl9uYW1lID0gJG51bGwKICAgICAgICAgICAgZG5zX2RvbWFpbiA9ICRhZGFwdGVyLmRuc2RvbWFpbgogICAgICAgICAgICBpbnRlcmZhY2VfaW5kZXggPSAkYWRhcHRlci5JbnRlcmZhY2VJbmRleAogICAgICAgICAgICBpbnRlcmZhY2VfbmFtZSA9ICRhZGFwdGVyLmRlc2NyaXB0aW9uCiAgICAgICAgICAgIG1hY2FkZHJlc3MgPSAkYWRhcHRlci5tYWNhZGRyZXNzCiAgICAgICAgfQoKICAgICAgICBpZiAoJGFkYXB0ZXIuZGVmYXVsdElQR2F0ZXdheSkKICAgICAgICB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5kZWZhdWx0X2dhdGV3YXkgPSAkYWRhcHRlci5EZWZhdWx0SVBHYXRld2F5WzBdLlRvU3RyaW5nKCkKICAgICAgICB9CiAgICAgICAgJG5ldF9hZGFwdGVyID0gJG5ldF9hZGFwdGVycyB8IFdoZXJlLU9iamVjdCB7ICRfLiRndWlkX2tleSAtZXEgJGFkYXB0ZXIuU2V0dGluZ0lEIH0KICAgICAgICBpZiAoJG5ldF9hZGFwdGVyKSB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5jb25uZWN0aW9uX25hbWUgPSAkbmV0X2FkYXB0ZXIuJG5hbWVfa2V5CiAgICAgICAgfQoKICAgICAgICAkZm9ybWF0dGVkbmV0Y2ZnICs9ICR0aGlzYWRhcHRlcgogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pbnRlcmZhY2VzID0gJGZ ScriptBlock ID: d2c5ae44-8cc3-469d-92f1-58405a5c7e76 Path:	4104	1		3	2	15	0	1693	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3824	3884	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:04 PM	fe3d87aa-a761-0002-ba88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19t ScriptBlock ID: d2c5ae44-8cc3-469d-92f1-58405a5c7e76 Path:	4104	1		3	2	15	0	1692	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3824	3884	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:04 PM	fe3d87aa-a761-0002-ba88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1691	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3824	3736	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:04 PM	fe3d87aa-a761-0001-c388-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3824 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1690	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3824	3760	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:04 PM	fe3d87aa-a761-0001-c388-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1689	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3824	3736	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:56:04 PM	fe3d87aa-a761-0001-c388-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = Exception calling ".ctor" with "1" argument(s): "Value was invalid. Parameter name: sddlForm" Fully Qualified Error ID = ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand Context: Severity = Warning Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 9cb2718b-1efb-4b59-bc33-56daa9640d68 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 42cf2c1d-ddf3-4c2c-b583-efa35b50b2f8 Pipeline ID = 6 Command Name = New-Object Command Type = Cmdlet Script Name = Command Path = Sequence Number = 33 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	1688	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4536	4900	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:57 PM	fe3d87aa-a761-0004-7f88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: e264e2fc-7797-4531-bff9-878b765d7310 Path:	4104	1		3	2	15	0	1687	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4536	4280	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:57 PM	fe3d87aa-a761-0003-8a88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: c57248ba-bf27-4447-8a86-ed1839048b64 Path:	4104	1		3	2	15	0	1686	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4536	4280	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:56 PM	fe3d87aa-a761-0005-9688-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): "start_mode": "auto", "_ansible_verbosity": 2, "_ansible_diff": false, "_ansible_remote_tmp": "%TEMP%", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: aac69e9f-ffd9-44fb-a1da-4ef0a68e58b6 Path:	4104	1		3	2	15	0	1685	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4536	4280	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:56 PM	fe3d87aa-a761-0004-5d88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): ICAyMCB7ICJTdGF0dXMgSW52YWxpZCBOYW1lOiBUaGUgc2VydmljZSBuYW1lIGhhcyBpbnZhbGlkIGNoYXJhY3RlcnMiIH0KICAgICAgICAyMSB7ICJTdGF0dXMgSW52YWxpZCBQYXJhbWV0ZXI6IEludmFsaWQgcGFyYW1ldGVycyBoYXZlIGJlZW4gcGFzc2VkIHRvIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjIgeyAiU3RhdHVzIEludmFsaWQgU2VydmljZSBBY2NvdW50OiBUaGUgYWNjb3VudCB1bmRlciB3aGljaCB0aGlzIHNlcnZpY2UgcnVucyBpcyBlaXRoZXIgaW52YWxpZCBvciBsYWNrcyB0aGUgcGVybWlzc2lvbnMgdG8gcnVuIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjMgeyAiU3RhdHVzIFNlcnZpY2UgRXhpc3RzOiBUaGUgc2VydmljZSBleGlzdHMgaW4gdGhlIGRhdGFiYXNlIG9mIHNlcnZpY2VzIGF2YWlsYWJsZSBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAyNCB7ICJTZXJ2aWNlIEFscmVhZHkgUGF1c2VkOiBUaGUgc2VydmljZSBpcyBjdXJyZW50bHkgcGF1c2VkIGluIHRoZSBzeXN0ZW0iIH0KICAgICAgICBkZWZhdWx0IHsgIk90aGVyIEVycm9yIiB9CiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1EZWxheWVkU3RhdHVzKCRuYW1lKSB7CiAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIgogICAgdHJ5IHsKICAgICAgICAkZGVsYXllZCA9IENvbnZlcnRUby1Cb29sICgoR2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5KS5EZWxheWVkQXV0b3N0YXJ0KQogICAgfSBjYXRjaCB7CiAgICAgICAgJGRlbGF5ZWQgPSAkZmFsc2UKICAgIH0KCiAgICAkZGVsYXllZAp9CgpGdW5jdGlvbiBTZXQtU2VydmljZVN0YXJ0TW9kZSgkc3ZjLCAkc3RhcnRfbW9kZSkgewogICAgaWYgKCRyZXN1bHQuc3RhcnRfbW9kZSAtbmUgJHN0YXJ0X21vZGUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCQoJHN2Yy5OYW1lKSIKICAgICAgICAgICAgIyBPcmlnaW5hbCBzdGFydCB1cCB0eXBlIHdhcyBhdXRvIChkZWxheWVkKSBhbmQgd2Ugd2FudCBhdXRvLCBuZWVkIHRvIHJlbW92ZWQgZGVsYXllZCBrZXkKICAgICAgICAgICAgaWYgKCRzdGFydF9tb2RlIC1lcSAnYXV0bycgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMCAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgYXV0byBhbmQgd2Ugd2FudCBhdXRvIChkZWxheWVkKSwgbmVlZCB0byBhZGQgZGVsYXllZCBrZXkKICAgICAgICAgICAgfSBlbHNlaWYgKCRzdGFydF9tb2RlIC1lcSAnZGVsYXllZCcgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IGF1dG8gb3IgYXV0byAoZGVsYXllZCksIG5lZWQgdG8gY2hhbmdlIHRvIGF1dG8gYW5kIGFkZCBkZWxheWVkIGtleQogICAgICAgICAgICB9IGVsc2VpZiAoJHN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgJHN2YyB8IFNldC1TZXJ2aWNlIC1TdGFydHVwVHlwZSAiYXV0byIgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IHdoYXQgd2Ugd2VyZSBsb29raW5nIGZvciwganVzdCBjaGFuZ2UgdG8gdGhhdCB0eXBlCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLVN0YXJ0dXBUeXBlICRzdGFydF9tb2RlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZUFjY291bnQoJHdtaV9zdmMsICR1c2VybmFtZV9zaWQsICR1c2VybmFtZSwgJHBhc3N3b3JkKSB7CiAgICBpZiAoJHJlc3VsdC51c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICRhY3R1YWxfc2lkID0gIlMtMS01LTE4IgogICAgfSBlbHNlIHsKICAgICAgICAkYWN0dWFsX3NpZCA9IENvbnZlcnQtVG9TSUQgLWFjY291bnRfbmFtZSAkcmVzdWx0LnVzZXJuYW1lCiAgICB9CgogICAgaWYgKCRhY3R1YWxfc2lkIC1uZSAkdXNlcm5hbWVfc2lkKSB7CiAgICAgICAgJGNoYW5nZV9hcmd1bWVudHMgPSBAewogICAgICAgICAgICBTdGFydE5hbWUgPSAkdXNlcm5hbWUKICAgICAgICAgICAgU3RhcnRQYXNzd29yZCA9ICRwYXNzd29yZAogICAgICAgICAgICBEZXNrdG9wSW50ZXJhY3QgPSAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QKICAgICAgICB9CiAgICAgICAgIyBuZWVkIHRvIGRpc2FibGUgZGVza3RvcCBpbnRlcmFjdCB3aGVuIG5vdCB1c2luZyB0aGUgU1lTVEVNIGFjY291bnQKICAgICAgICBpZiAoJHVzZXJuYW1lX3NpZCAtbmUgIlMtMS01LTE4IikgewogICAgICAgICAgICAkY2hhbmdlX2FyZ3VtZW50cy5EZXNrdG9wSW50ZXJhY3QgPSAkZmFsc2UKICAgICAgICB9CgogICAgICAgICNXTUkuQ2hhbmdlIGRvZXNuJ3Qgc3VwcG9ydCAtV2hhdElmLCBjYW5ub3QgZnVsbHkgdGVzdCB3aXRoIGNoZWNrX21vZGUKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzICRjaGFuZ2VfYXJndW1lbnRzCiAgICAgICAgICAgIGlmICgkcmV0dXJuLlJldHVyblZhbHVlIC1uZSAwKSB7CiAgICAgICAgICAgICAgICAkZXJyb3JfbXNnID0gR2V0LVdtaUVycm9yTWVzc2FnZSAtcmV0dXJuX3ZhbHVlICRyZXN1bHQuUmV0dXJuVmFsdWUKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBhY2NvdW50IHRvICQoJHVzZXJuYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9ICAgICAgICAKCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXNrdG9wSW50ZXJhY3QoJHdtaV9zdmMsICRkZXNrdG9wX2ludGVyYWN0KSB7CiAgICBpZiAoJHJlc3VsdC5kZXNrdG9wX2ludGVyYWN0IC1uZSAkZGVza3RvcF9pbnRlcmFjdCkgewogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICRyZXR1cm4gPSAkd21pX3N2YyB8IEludm9rZS1DaW1NZXRob2QgLU1ldGhvZE5hbWUgQ2hhbmdlIC1Bcmd1bWVudHMgQHtEZXNrdG9wSW50ZXJhY3QgPSAkZGVza3RvcF9pbnRlcmFjdH0KICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIHNldCBkZXNrdG9wIGludGVyYWN0ICQoJGRlc2t0b3BfaW50ZXJhY3QpOiAkKCRyZXR1cm4uUmV0dXJuVmFsdWUpIC0gJGVycm9yX21zZyIKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSgkc3ZjLCAkZGlzcGxheV9uYW1lKSB7CiAgICBpZiAoJHJlc3VsdC5kaXNwbGF5X25hbWUgLW5lICRkaXNwbGF5X25hbWUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLURpc3BsYXlOYW1lICRkaXNwbGF5X25hbWUgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZURlc2NyaXB0aW9uKCRzdmMsICRkZXNjcmlwdGlvbikgewogICAgaWYgKCRyZXN1bHQuZGVzY3JpcHRpb24gLW5lICRkZXNjcmlwdGlvbikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgICRzdmMgfCBTZXQtU2VydmljZSAtRGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VQYXRoKCRuYW1lLCAkcGF0aCkgewogICAgaWYgKCRyZXN1bHQucGF0aCAtbmUgJHBhdGgpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICBTZXQtSXRlbVByb3BlcnR5IC1MaXRlcmFsUGF0aCAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIiAtTmFtZSBJbWFnZVBhdGggLVZhbHVlICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXBlbmRlbmNpZXMoJHdtaV9zdmMsICRkZXBlbmRlbmN5X2FjdGlvbiwgJGRlcGVuZGVuY2llcykgewogICAgJGV4aXN0aW5nX2RlcGVuZGVuY2llcyA9ICRyZXN1bHQuZGVwZW5kZW5jaWVzCiAgICBbU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdF0kbmV3X2RlcGVuZGVuY2llcyA9IEAoKQoKICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdzZXQnKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGRlcGVuZGVuY2llcykgewogICAgICAgICAgICAkbmV3X2RlcGVuZGVuY2llcy5BZGQoJGRlcGVuZGVuY3kpCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkbmV3X2RlcGVuZGVuY2llcyA9ICRleGlzdGluZ19kZXBlbmRlbmNpZXMKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdyZW1vdmUnKSB7CiAgICAgICAgICAgICAgICBpZiAoJG5ld19kZXBlbmRlbmNpZXMgLWNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICAgICAgICAgJG5ld19kZXBlbmRlbmNpZXMuUmVtb3ZlKCRkZXBlbmRlbmN5KQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2VpZiAoJGRlcGVuZGVuY3lfYWN0aW9uIC1lcSAnYWRkJykgewogICAgICAgICAgICAgICAgaWYgKCRuZXdfZGVwZW5kZW5jaWVzIC1ub3Rjb250YWlucyAkZGVwZW5kZW5jeSkgewogICAgICAgICAgICAgICAgICAgICRuZXdfZGVwZW5kZW5jaWVzLkFkZCgkZGVwZW5kZW5jeSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAkd2lsbF9jaGFuZ2UgPSAkZmFsc2UKICAgIGZvcmVhY2ggKCRkZXBlbmRlbmN5IGluICRuZXdfZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgaWYgKCRleGlzdGluZ19kZXBlbmRlbmNpZXMgLW5vdGNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICR3aWxsX2NoYW5nZSA9ICR0cnVlCiAgICAgICAgfQogICAgfQogICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGV4aXN0aW5nX2RlcGVuZGVuY2llcykgewogICAgICAgIGlmICgkbmV3X2RlcGVuZGVuY2llcyAtbm90Y29udGFpbnMgJGRlcGVuZGVuY3kpIHsKICAgICAgICAgICAgJHdpbGxfY2hhbmdlID0gJHRydWUKICAgICAgICB9CiAgICB9CgogICAgaWYgKCR3aWxsX2NoYW5nZSAtZXEgJHRydWUpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzIEB7U2VydmljZURlcGVuZGVuY2llcyA9ICRuZXdfZGVwZW5kZW5jaWVzfQogICAgICAgICAgICBpZiAoJHJldHVybi5SZXR1cm5WYWx1ZSAtbmUgMCkgewogICAgICAgICAgICAgICAgJGVycm9yX21zZyA9IEdldC1XbWlFcnJvck1lc3NhZ2UgLXJldHVybl92YWx1ZSAkcmV0dXJuLlJldHVyblZhbHVlCiAgICAgICAgICAgICAgICAkZGVwX3N0cmluZyA9ICRuZXdfZGVwZW5kZW5jaWVzIC1qb2luICIsICIKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBkZXBlbmRlbmNpZXMgJCgkZGVwX3N0cmluZyk6ICQoJHJldHVybi5SZXR1cm5WYWx1ZSkgLSAkZXJyb3JfbXNnIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1TZXJ2aWNlU3RhdGUoJHN2YywgJHdtaV9zdmMsICRzdGF0ZSkgewogICAgaWYgKCRzdGF0ZSAtZXEgInN0YXJ0ZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInJ1bm5pbmciKSB7CiAgICAgICAgaWYgKCRyZXN1bHQuc3RhdGUgLWVxICJwYXVzZWQiKSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgUmVzdW1lLVNlcnZpY2UgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJmYWlsZWQgdG8gc3RhcnQgc2VydmljZSBmcm9tIHBhdXNlZCBzdGF0ZSAkKCRzdmMuTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgdHJ5IHsKICAgICAgICAgICAgICAgICRzdmMgfCBTdGFydC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInN0b3BwZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInN0b3BwZWQiKSB7CiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHN2YyB8IFN0b3AtU2VydmljZSAtRm9yY2U6JGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICRfLkV4Y2VwdGlvbi5NZXNzYWdlCiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInJlc3RhcnRlZCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgUmVzdGFydC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAicGF1c2VkIiAtYW5kICRyZXN1bHQuc3RhdGUgLW5lICJwYXVzZWQiKSB7CiAgICAgICAgIyBjaGVjayB0aGF0IHdlIGNhbiBhY3R1YWxseSBwYXVzZSB0aGUgc2VydmljZQogICAgICAgIGlmICgkcmVzdWx0LmNhbl9wYXVzZV9hbmRfY29udGludWUgLWVxICRmYWxzZSkgewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAiZmFpbGVkIHRvIHBhdXNlIHNlcnZpY2UgJCgkc3ZjLk5hbWUpOiBUaGUgc2VydmljZSBkb2VzIG5vdCBzdXBwb3J0IHBhdXNpbmciCiAgICAgICAgfQoKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3VzcGVuZC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgImZhaWxlZCB0byBwYXVzZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkiCiAgICAgICAgfQogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgImFic2VudCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3RvcC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgJHJldHVybiA9ICR3bWlfc3ZjIHwgSW52b2tlLUNpbU1ldGhvZCAtTWV0aG9kTmFtZSBEZWxldGUKICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIGRlbGV0ZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VDb25maWd1cmF0aW9uKCRzdmMpIHsKICAgICR3bWlfc3ZjID0gR2V0LUNpbUluc3RhbmNlIC1DbGFzc05hbWUgV2luMzJfU2VydmljZSAtRmlsdGVyICJuYW1lPSckKCRzdmMuTmFtZSknIgogICAgR2V0LVNlcnZpY2VJbmZvIC1uYW1lICRzdmMuTmFtZQogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1lcSAkdHJ1ZSAtYW5kICgtbm90ICgkcmVzdWx0LnVzZXJuYW1lIC1lcSAnTG9jYWxTeXN0ZW0nIC1vciAkdXNlcm5hbWUgLWVxICdMb2NhbFN5c3RlbScpKSkgewogICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgZGVza3RvcF9pbnRlcmFjdCB0byB0cnVlIHdoZW4gc2VydmljZSBpcyBydW4gd2l0aC9vciAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgogICAgfQoKICAgIGlmICgkc3RhcnRfbW9kZSAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZVN0YXJ0TW9kZSAtc3ZjICRzdmMgLXN0YXJ0X21vZGUgJHN0YXJ0X21vZGUKICAgIH0KCiAgICBpZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlQWNjb3VudCAtd21pX3N2YyAkd21pX3N2YyAtdXNlcm5hbWVfc2lkICR1c2VybmFtZV9zaWQgLXVzZXJuYW1lICR1c2VybmFtZSAtcGFzc3dvcmQgJHBhc3N3b3JkCiAgICB9CgogICAgaWYgKCRkaXNwbGF5X25hbWUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSAtc3ZjICRzdmMgLWRpc3BsYXlfbmFtZSAkZGlzcGxheV9uYW1lCiAgICB9CgogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlRGVza3RvcEludGVyYWN0IC13bWlfc3ZjICR3bWlfc3ZjIC1kZXNrdG9wX2ludGVyYWN0ICRkZXNrdG9wX2ludGVyYWN0CiAgICB9CgogICAgaWYgKCRkZXNjcmlwdGlvbiAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlc2NyaXB0aW9uIC1zdmMgJHN2YyAtZGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uCiAgICB9CgogICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlUGF0aCAtbmFtZSAkc3ZjLk5hbWUgLXBhdGggJHBhdGgKICAgIH0KCiAgICBpZiAoJGRlcGVuZGVuY2llcyAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlcGVuZGVuY2llcyAtd21pX3N2YyAkd21pX3N2YyAtZGVwZW5kZW5jeV9hY3Rpb24gJGRlcGVuZGVuY3lfYWN0aW9uIC1kZXBlbmRlbmNpZXMgJGRlcGVuZGVuY2llcwogICAgfQoKICAgIGlmICgkc3RhdGUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VTdGF0ZSAtc3ZjICRzdmMgLXdtaV9zdmMgJHdtaV9zdmMgLXN0YXRlICRzdGF0ZQogICAgfQp9CgojIG5lZWQgdG8gdXNlIFdoZXJlLU9iamVjdCBhcyAtTmFtZSBkb2Vzbid0IHdvcmsgd2l0aCBbXSBpbiB0aGUgc2VydmljZSBuYW1lCiMgaHR0cHM6Ly9naXRodWIuY29tL2Fuc2libGUvYW5zaWJsZS9pc3N1ZXMvMzc2MjEKJHN2YyA9IEdldC1TZXJ2aWNlIHwgV2hlcmUtT2JqZWN0IHsgJF8uTmFtZSAtZXEgJG5hbWUgLW9yICRfLkRpc3BsYXlOYW1lIC1lcSAkbmFtZSB9CmlmICgkc3ZjKSB7CiAgICBTZXQtU2VydmljZUNvbmZpZ3VyYXRpb24gLXN2YyAkc3ZjCn0gZWxzZSB7CiAgICAkcmVzdWx0LmV4aXN0cyA9ICRmYWxzZQogICAgaWYgKCRzdGF0ZSAtbmUgJ2Fic2VudCcpIHsKICAgICAgICAjIENoZWNrIGlmIHBhdGggaXMgZGVmaW5lZCwgaWYgc28gY3JlYXRlIHRoZSBzZXJ2aWNlCiAgICAgICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgTmV3LVNlcnZpY2UgLU5hbWUgJG5hbWUgLUJpbmFyeVBhdGhuYW1lICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCgogICAgICAgICAgICAkc3ZjID0gR2V0LVNlcnZpY2UgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAkbmFtZSB9CiAgICAgICAgICAgIFNldC1TZXJ2aWNlQ29uZmlndXJhdGlvbiAtc3ZjICRzdmMKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAjIFdlIHdpbGwgb25seSByZWFjaCBoZXJlIGlmIHRoZSBzZXJ2aWNlIGlzIGluc3RhbGxlZCBhbmQgdGhlIHN0YXRlIGlzIG5vdCBhYnNlbnQKICAgICAgICAgICAgIyBXaWxsIGNoZWNrIGlmIGFueSBvZiB0aGUgZGVmYXVsdCBhY3Rpb25zIGFyZSBzZXQgYW5kIGZhaWwgYXMgd2UgY2Fubm90IGFjdGlvbiBpdAogICAgICAgICAgICBpZiAoJHN0YXJ0X21vZGUgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJHN0YXRlIC1uZSAkbnVsbCAtb3IKICAgICAgICAgICAgICAgICR1c2VybmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkcGFzc3dvcmQgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRpc3BsYXlfbmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkZGVzY3JpcHRpb24gLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlc2t0b3BfaW50ZXJhY3QgLW5lICRmYWxzZSAtb3IKICAgICAgICAgICAgICAgICRkZXBlbmRlbmNpZXMgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlcGVuZGVuY3lfYWN0aW9uIC1uZSAnc2V0JykgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJTZXJ2aWNlICckbmFtZScgaXMgbm90IGluc3RhbGxlZCwgbmVlZCB0byBzZXQgJ3BhdGgnIHRvIGNyZWF0ZSBhIG5ldyBzZXJ2aWNlIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgfQp9CgojIEFmdGVyIG1ha2luZyBhIGNoYW5nZSwgbGV0J3MgZ2V0IHRoZSBzZXJ2aWNlIGluZm8gYWdhaW4gdW5sZXNzIHdlIGRlbGV0ZWQgaXQKaWYgKCRzdGF0ZSAtZXEgJ2Fic2VudCcpIHsKICAgICMgUmVjcmVhdGUgcmVzdWx0IHNvIGl0IGRvZXNuJ3QgaGF2ZSB0aGUgZXh0cmEgbWV0YSBkYXRhIG5vdyB0aGF0IGlzIGhhcyBiZWVuIGRlbGV0ZWQKICAgICRjaGFuZ2VkID0gJHJlc3VsdC5jaGFuZ2VkCiAgICAkcmVzdWx0ID0gQHsKICAgICAgICBjaGFuZ2VkID0gJGNoYW5nZWQKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfSBlbHNlaWYgKCRzdmMgLW5lICRudWxsKSB7CiAgICBHZXQtU2VydmljZUluZm8gLW5hbWUgJG5hbWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_check_mode": false, "display_name": "neutron-hyperv-agent", "_ansible_module_name": "win_service", "state": "started", "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "username": "administrator@cbci-851359-2.local", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "description": "OpenStack Neutron Hyper-V Agent Service", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "path": "c:\\openstack\\bin\\OpenStackService.exe neutron-hyperv-agent c:\\python38\\scripts\\neutron-hyperv-agent.exe --config-file c:\\openstack\\etc\\neutron-hyperv-agent.conf", "password": "Passw0rd", "_ansible_no_log": false, "name": "neutron-hyperv-agent", ScriptBlock ID: aac69e9f-ffd9-44fb-a1da-4ef0a68e58b6 Path:	4104	1		3	2	15	0	1684	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4536	4280	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:56 PM	fe3d87aa-a761-0004-5d88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): lCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTQsIENocmlzIEhvZmZtYW4gPGNob2ZmbWFuQGNoYXRoYW1maW5hbmNpYWwuY29tPgojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5TSUQKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRjaGVja19tb2RlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ19hbnNpYmxlX2NoZWNrX21vZGUnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKCiRkZXBlbmRlbmNpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVwZW5kZW5jaWVzJyAtdHlwZSAnbGlzdCcgLWRlZmF1bHQgJG51bGwKJGRlcGVuZGVuY3lfYWN0aW9uID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2RlcGVuZGVuY3lfYWN0aW9uJyAtdHlwZSAnc3RyJyAtZGVmYXVsdCAnc2V0JyAtdmFsaWRhdGVzZXQgJ2FkZCcsJ3JlbW92ZScsJ3NldCcgCiRkZXNjcmlwdGlvbiA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdkZXNjcmlwdGlvbicgLXR5cGUgJ3N0cicKJGRlc2t0b3BfaW50ZXJhY3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVza3RvcF9pbnRlcmFjdCcgLXR5cGUgJ2Jvb2wnIC1kZWZhdWx0ICRmYWxzZQokZGlzcGxheV9uYW1lID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2Rpc3BsYXlfbmFtZScgLXR5cGUgJ3N0cicKJGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdmb3JjZV9kZXBlbmRlbnRfc2VydmljZXMnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKJG5hbWUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnbmFtZScgLXR5cGUgJ3N0cicgLWZhaWxpZmVtcHR5ICR0cnVlCiRwYXNzd29yZCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdwYXNzd29yZCcgLXR5cGUgJ3N0cicKJHBhdGggPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAncGF0aCcKJHN0YXJ0X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhcnRfbW9kZScgLXR5cGUgJ3N0cicgLXZhbGlkYXRlc2V0ICdhdXRvJywnbWFudWFsJywnZGlzYWJsZWQnLCdkZWxheWVkJwokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhdGUnIC10eXBlICdzdHInIC12YWxpZGF0ZXNldCAnc3RhcnRlZCcsJ3N0b3BwZWQnLCdyZXN0YXJ0ZWQnLCdhYnNlbnQnLCdwYXVzZWQnCiR1c2VybmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICd1c2VybmFtZScgLXR5cGUgJ3N0cicKCiRyZXN1bHQgPSBAewogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgojIHBhcnNlIHRoZSB1c2VybmFtZSB0byBTSUQgYW5kIGJhY2sgc28gd2UgZ2V0IHRoZSBmdWxsIHVzZXJuYW1lIHdpdGggZG9tYWluIGluIGEgd2F5IFdNSSB1bmRlcnN0YW5kcwppZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgaWYgKCR1c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICR1c2VybmFtZV9zaWQgPSAiUy0xLTUtMTgiCiAgICB9IGVsc2UgewogICAgICAgICR1c2VybmFtZV9zaWQgPSBDb252ZXJ0LVRvU0lEIC1hY2NvdW50X25hbWUgJHVzZXJuYW1lCiAgICB9CgogICAgIyB0aGUgU1lTVEVNIGFjY291bnQgaXMgYSBzcGVjaWFsIGJlYXN0LCBXaW4zMl9TZXJ2aWNlIENoYW5nZSByZXF1aXJlcyBTdGFydE5hbWUgdG8gYmUgTG9jYWxTeXN0ZW0KICAgICMgdG8gc3BlY2lmeSBMb2NhbFN5c3RlbS9OVCBBVVRIT1JJVFlcU1lTVEVNCiAgICBpZiAoJHVzZXJuYW1lX3NpZCAtZXEgIlMtMS01LTE4IikgewogICAgICAgICR1c2VybmFtZSA9ICJMb2NhbFN5c3RlbSIKICAgICAgICAkcGFzc3dvcmQgPSAkbnVsbAogICAgfSBlbHNlIHsKICAgICAgICAjIFdpbjMyX1NlcnZpY2UsIHBhc3N3b3JkIG11c3QgYmUgIiIgYW5kIG5vdCAkbnVsbCB3aGVuIHNldHRpbmcgdG8gTG9jYWxTZXJ2aWNlIG9yIE5ldHdvcmtTZXJ2aWNlCiAgICAgICAgaWYgKCR1c2VybmFtZV9zaWQgLWluIEAoIlMtMS01LTE5IiwgIlMtMS01LTIwIikpIHsKICAgICAgICAgICAgJHBhc3N3b3JkID0gIiIKICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gQ29udmVydC1Gcm9tU0lEIC1zaWQgJHVzZXJuYW1lX3NpZAogICAgfQp9CmlmICgkcGFzc3dvcmQgLW5lICRudWxsIC1hbmQgJHVzZXJuYW1lIC1lcSAkbnVsbCkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBhcmd1bWVudCAndXNlcm5hbWUnIG11c3QgYmUgc3VwcGxpZWQgd2l0aCAncGFzc3dvcmQnIgp9CmlmICgkZGVza3RvcF9pbnRlcmFjdCAtZXEgJHRydWUgLWFuZCAoLW5vdCAoJHVzZXJuYW1lIC1lcSAiTG9jYWxTeXN0ZW0iIC1vciAkdXNlcm5hbWUgLWVxICRudWxsKSkpIHsKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgJ2Rlc2t0b3BfaW50ZXJhY3QnIHRvIHRydWUgd2hlbiAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgp9CmlmICgkcGF0aCAtbmUgJG51bGwpIHsKICAgICRwYXRoID0gW1N5c3RlbS5FbnZpcm9ubWVudF06OkV4cGFuZEVudmlyb25tZW50VmFyaWFibGVzKCRwYXRoKQp9CgpGdW5jdGlvbiBHZXQtU2VydmljZUluZm8oJG5hbWUpIHsKICAgICMgTmVlZCB0byBnZXQgbmV3IG9iamVjdHMgc28gd2UgaGF2ZSB0aGUgbGF0ZXN0IGluZm8KICAgICRzdmMgPSBHZXQtU2VydmljZSB8IFdoZXJlLU9iamVjdCB7ICRfLk5hbWUgLWVxICRuYW1lIC1vciAkXy5EaXNwbGF5TmFtZSAtZXEgJG5hbWUgfQogICAgJHdtaV9zdmMgPSBHZXQtQ2ltSW5zdGFuY2UgLUNsYXNzTmFtZSBXaW4zMl9TZXJ2aWNlIC1GaWx0ZXIgIm5hbWU9JyQoJHN2Yy5OYW1lKSciCgogICAgIyBEZWxheWVkIHN0YXJ0X21vZGUgaXMgaW4gcmVhbGl0eSBBdXRvbWF0aWMgKERlbGF5ZWQpLCBuZWVkIHRvIGNoZWNrIHJlZyBrZXkgZm9yIHR5cGUKICAgICRkZWxheWVkID0gR2V0LURlbGF5ZWRTdGF0dXMgLW5hbWUgJHN2Yy5OYW1lCiAgICAkYWN0dWFsX3N0YXJ0X21vZGUgPSAkd21pX3N2Yy5TdGFydE1vZGUuVG9TdHJpbmcoKS5Ub0xvd2VyKCkgCiAgICBpZiAoJGRlbGF5ZWQgLWFuZCAkYWN0dWFsX3N0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICRhY3R1YWxfc3RhcnRfbW9kZSA9ICdkZWxheWVkJwogICAgfQoKICAgICRleGlzdGluZ19kZXBlbmRlbmNpZXMgPSBAKCkKICAgICRleGlzdGluZ19kZXBlbmRlZF9ieSA9IEAoKQogICAgaWYgKCRzdmMuU2VydmljZXNEZXBlbmRlZE9uLkNvdW50IC1ndCAwKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJHN2Yy5TZXJ2aWNlc0RlcGVuZGVkT24uTmFtZSkgewogICAgICAgICAgICAkZXhpc3RpbmdfZGVwZW5kZW5jaWVzICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgaWYgKCRzdmMuRGVwZW5kZW50U2VydmljZXMuQ291bnQgLWd0IDApIHsKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkc3ZjLkRlcGVuZGVudFNlcnZpY2VzLk5hbWUpIHsKICAgICAgICAgICAgJGV4aXN0aW5nX2RlcGVuZGVkX2J5ICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgJGRlc2NyaXB0aW9uID0gJHdtaV9zdmMuRGVzY3JpcHRpb24KICAgIGlmICgkZGVzY3JpcHRpb24gLWVxICRudWxsKSB7CiAgICAgICAgJGRlc2NyaXB0aW9uID0gIiIKICAgIH0KCiAgICAkcmVzdWx0LmV4aXN0cyA9ICR0cnVlCiAgICAkcmVzdWx0Lm5hbWUgPSAkc3ZjLk5hbWUKICAgICRyZXN1bHQuZGlzcGxheV9uYW1lID0gJHN2Yy5EaXNwbGF5TmFtZQogICAgJHJlc3VsdC5zdGF0ZSA9ICRzdmMuU3RhdHVzLlRvU3RyaW5nKCkuVG9Mb3dlcigpCiAgICAkcmVzdWx0LnN0YXJ0X21vZGUgPSAkYWN0dWFsX3N0YXJ0X21vZGUKICAgICRyZXN1bHQucGF0aCA9ICR3bWlfc3ZjLlBhdGhOYW1lCiAgICAkcmVzdWx0LmRlc2NyaXB0aW9uID0gJGRlc2NyaXB0aW9uCiAgICAkcmVzdWx0LnVzZXJuYW1lID0gJHdtaV9zdmMuU3RhcnROYW1lCiAgICAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QgPSAkd21pX3N2Yy5EZXNrdG9wSW50ZXJhY3QKICAgICRyZXN1bHQuZGVwZW5kZW5jaWVzID0gJGV4aXN0aW5nX2RlcGVuZGVuY2llcwogICAgJHJlc3VsdC5kZXBlbmRlZF9ieSA9ICRleGlzdGluZ19kZXBlbmRlZF9ieQogICAgJHJlc3VsdC5jYW5fcGF1c2VfYW5kX2NvbnRpbnVlID0gJHN2Yy5DYW5QYXVzZUFuZENvbnRpbnVlCn0KCkZ1bmN0aW9uIEdldC1XbWlFcnJvck1lc3NhZ2UoJHJldHVybl92YWx1ZSkgewogICAgIyBUaGVzZSB2YWx1ZXMgYXJlIGRlcml2ZWQgZnJvbSBodHRwczovL21zZG4ubWljcm9zb2Z0LmNvbS9lbi11cy9saWJyYXJ5L2FhMzg0OTAxKHY9dnMuODUpLmFzcHgKICAgIHN3aXRjaCAoJHJldHVybl92YWx1ZSkgewogICAgICAgIDEgeyAiTm90IFN1cHBvcnRlZDogVGhlIHJlcXVlc3QgaXMgbm90IHN1cHBvcnRlZCIgfQogICAgICAgIDIgeyAiQWNjZXNzIERlbmllZDogVGhlIHVzZXIgZGlkIG5vdCBoYXZlIHRoZSBuZWNlc3NhcnkgYWNjZXNzIiB9CiAgICAgICAgMyB7ICJEZXBlbmRlbnQgU2VydmljZXMgUnVubmluZzogVGhlIHNlcnZpY2UgY2Fubm90IGJlIHN0b3BwZWQgYmVjYXVzZSBvdGhlciBzZXJ2aWNlcyB0aGF0IGFyZSBydW5uaW5nIGFyZSBkZXBlbmRlbnQgb24gaXQiIH0KICAgICAgICA0IHsgIkludmFsaWQgU2VydmljZSBDb250cm9sOiBUaGUgcmVxdWVzdGVkIGNvbnRyb2wgY29kZSBpcyBub3QgdmFsaWQsIG9yIGl0IGlzIHVuYWNjZXB0YWJsZSB0byB0aGUgc2VydmljZSIgfQogICAgICAgIDUgeyAiU2VydmljZSBDYW5ub3QgQWNjZXB0IENvbnRyb2w6IFRoZSByZXF1ZXN0ZWQgY29udHJvbCBjb2RlIGNhbm5vdCBiZSBzZW50IHRvIHRoZSBzZXJ2aWNlIGJlY2F1c2UgdGhlIHN0YXRlIG9mIHRoZSBzZXJ2aWNlIChXaW4zMl9CYXNlU2VydmljZS5TdGF0ZSBwcm9wZXJ0eSkgaXMgZXF1YWwgdG8gMCwgMSwgb3IgMiIgfQogICAgICAgIDYgeyAiU2VydmljZSBOb3QgQWN0aXZlOiBUaGUgc2VydmljZSBoYXMgbm90IGJlZW4gc3RhcnRlZCIgfQogICAgICAgIDcgeyAiU2VydmljZSBSZXF1ZXN0IFRpbWVvdXQ6IFRoZSBzZXJ2aWNlIGRpZCBub3QgcmVzcG9uZCB0byB0aGUgc3RhcnQgcmVxdWVzdCBpbiBhIHRpbWVseSBmYXNoaW9uIiB9CiAgICAgICAgOCB7ICJVbmtub3duIEZhaWx1cmU6IFVua25vd24gZmFpbHVyZSB3aGVuIHN0YXJ0aW5nIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgOSB7ICJQYXRoIE5vdCBGb3VuZDogVGhlIGRpcmVjdG9yeSBwYXRoIHRvIHRoZSBzZXJ2aWNlIGV4ZWN1dGFibGUgZmlsZSB3YXMgbm90IGZvdW5kIiB9CiAgICAgICAgMTAgeyAiU2VydmljZSBBbHJlYWR5IFJ1bm5pbmc6IFRoZSBzZXJ2aWNlIGlzIGFscmVhZHkgcnVubmluZyIgfQogICAgICAgIDExIHsgIlNlcnZpY2UgRGF0YWJhc2UgTG9ja2VkOiBUaGUgZGF0YWJhc2UgdG8gYWRkIGEgbmV3IHNlcnZpY2UgaXMgbG9ja2VkIiB9CiAgICAgICAgMTIgeyAiU2VydmljZSBEZXBlbmRlbmN5IERlbGV0ZWQ6IEEgZGVwZW5kZW5jeSB0aGlzIHNlcnZpY2UgcmVsaWVzIG9uIGhhcyBiZWVuIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTMgeyAiU2VydmljZSBEZXBlbmRlbmN5IEZhaWx1cmU6IFRoZSBzZXJ2aWNlIGZhaWxlZCB0byBmaW5kIHRoZSBzZXJ2aWNlIG5lZWRlZCBmcm9tIGEgZGVwZW5kZW50IHNlcnZpY2UiIH0KICAgICAgICAxNCB7ICJTZXJ2aWNlIERpc2FibGVkOiBUaGUgc2VydmljZSBoYXMgYmVlbiBkaXNhYmxlZCBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAxNSB7ICJTZXJ2aWNlIExvZ29uIEZhaWxlZDogVGhlIHNlcnZpY2UgZG9lcyBub3QgaGF2ZSB0aGUgY29ycmVjdCBhdXRoZW50aWNhdGlvbiB0byBydW4gb24gdGhlIHN5c3RlbSIgfQogICAgICAgIDE2IHsgIlNlcnZpY2UgTWFya2VkIEZvciBEZWxldGlvbjogVGhpcyBzZXJ2aWNlIGlzIGJlaW5nIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTcgeyAiU2VydmljZSBObyBUaHJlYWQ6IFRoZSBzZXJ2aWNlIGhhcyBubyBleGVjdXRpb24gdGhyZWFkIiB9CiAgICAgICAgMTggeyAiU3RhdHVzIENpcmN1bGFyIERlcGVuZGVuY3k6IFRoZSBzZXJ2aWNlIGhhcyBjaXJjdWxhciBkZXBlbmRlbmNpZXMgd2hlbiBpdCBzdGFydHMiIH0KICAgICAgICAxOSB7ICJTdGF0dXMgRHVwbGljYXRlIE5hbWU6IEEgc2VydmljZSBpcyBydW5uaW5nIHVuZGVyIHRoZSBzYW1lIG5hbWUiIH0KICAgICAg ScriptBlock ID: aac69e9f-ffd9-44fb-a1da-4ef0a68e58b6 Path:	4104	1		3	2	15	0	1683	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4536	4280	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:56 PM	fe3d87aa-a761-0004-5d88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.SID": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCkZ1bmN0aW9uIENvbnZlcnQtRnJvbVNJRCgkc2lkKSB7CiAgICAjIENvbnZlcnRzIGEgU0lEIHRvIGEgRG93bi1MZXZlbCBMb2dvbiBuYW1lIGluIHRoZSBmb3JtIG9mIERPTUFJTlxVc2VyTmFtZQogICAgIyBJZiB0aGUgU0lEIGlzIGZvciBhIGxvY2FsIHVzZXIgb3IgZ3JvdXAgdGhlbiBET01BSU4gd291bGQgYmUgdGhlIHNlcnZlcgogICAgIyBuYW1lLgoKICAgICRhY2NvdW50X29iamVjdCA9IE5ldy1PYmplY3QgU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXIoJHNpZCkKICAgIHRyeSB7CiAgICAgICAgJG50X2FjY291bnQgPSAkYWNjb3VudF9vYmplY3QuVHJhbnNsYXRlKFtTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudF0pCiAgICB9IGNhdGNoIHsKICAgICAgICBGYWlsLUpzb24gLW9iaiBAe30gLW1lc3NhZ2UgImZhaWxlZCB0byBjb252ZXJ0IHNpZCAnJHNpZCcgdG8gYSBsb2dvbiBuYW1lOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KCiAgICByZXR1cm4gJG50X2FjY291bnQuVmFsdWUKfQoKRnVuY3Rpb24gQ29udmVydC1Ub1NJRCB7CiAgICBbRGlhZ25vc3RpY3MuQ29kZUFuYWx5c2lzLlN1cHByZXNzTWVzc2FnZUF0dHJpYnV0ZSgiUFNBdm9pZFVzaW5nRW1wdHlDYXRjaEJsb2NrIiwgIiIsIEp1c3RpZmljYXRpb249IldlIGRvbid0IGNhcmUgaWYgY29udmVydGluZyB0byBhIFNJRCBmYWlscywganVzdCB0aGF0IGl0IGZhaWxlZCBvciBub3QiKV0KICAgIHBhcmFtKCRhY2NvdW50X25hbWUpCiAgICAjIENvbnZlcnRzIGFuIGFjY291bnQgbmFtZSB0byBhIFNJRCwgaXQgY2FuIHRha2UgaW4gdGhlIGZvbGxvd2luZyBmb3JtcwogICAgIyBTSUQ6IFdpbGwganVzdCByZXR1cm4gdGhlIFNJRCB2YWx1ZSB0aGF0IHdhcyBwYXNzZWQgaW4KICAgICMgVVBOOgogICAgIyAgIHByaW5jaXBhbEBkb21haW4gKERvbWFpbiB1c2VycyBvbmx5KQogICAgIyBEb3duLUxldmVsIExvZ2luIE5hbWUKICAgICMgICBET01BSU5ccHJpbmNpcGFsIChEb21haW4pCiAgICAjICAgU0VSVkVSTkFNRVxwcmluY2lwYWwgKExvY2FsKQogICAgIyAgIC5ccHJpbmNpcGFsIChMb2NhbCkKICAgICMgICBOVCBBVVRIT1JJVFlcU1lTVEVNIChMb2NhbCBTZXJ2aWNlIEFjY291bnRzKQogICAgIyBMb2dpbiBOYW1lCiAgICAjICAgcHJpbmNpcGFsIChMb2NhbC9Mb2NhbCBTZXJ2aWNlIEFjY291bnRzKQoKICAgIHRyeSB7CiAgICAgICAgJHNpZCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyIC1Bcmd1bWVudExpc3QgJGFjY291bnRfbmFtZQogICAgICAgIHJldHVybiAkc2lkLlZhbHVlCiAgICB9IGNhdGNoIHt9CgogICAgaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipcKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIlxcIgogICAgICAgIGlmICgkYWNjb3VudF9uYW1lX3NwbGl0WzBdIC1lcSAiLiIpIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRlbnY6Q09NUFVURVJOQU1FCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMF0KICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gJGFjY291bnRfbmFtZV9zcGxpdFsxXQogICAgfSBlbHNlaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipAKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIkAiCiAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMV0KICAgICAgICAkdXNlcm5hbWUgPSAkYWNjb3VudF9uYW1lX3NwbGl0WzBdCiAgICB9IGVsc2UgewogICAgICAgICRkb21haW4gPSAkbnVsbAogICAgICAgICR1c2VybmFtZSA9ICRhY2NvdW50X25hbWUKICAgIH0KCiAgICBpZiAoJGRvbWFpbikgewogICAgICAgICMgc2VhcmNoaW5nIGZvciBhIGxvY2FsIGdyb3VwIHdpdGggdGhlIHNlcnZlcm5hbWUgcHJlZml4ZWQgd2lsbCBmYWlsLAogICAgICAgICMgbmVlZCB0byBjaGVjayBmb3IgdGhpcyBzaXR1YXRpb24gYW5kIG9ubHkgdXNlIE5UQWNjb3VudChTdHJpbmcpCiAgICAgICAgaWYgKCRkb21haW4gLWVxICRlbnY6Q09NUFVURVJOQU1FKSB7CiAgICAgICAgICAgICRhZHNpID0gW0FEU0ldKCJXaW5OVDovLyRlbnY6Q09NUFVURVJOQU1FLGNvbXB1dGVyIikKICAgICAgICAgICAgJGdyb3VwID0gJGFkc2kucHNiYXNlLmNoaWxkcmVuIHwgV2hlcmUtT2JqZWN0IHsgJF8uc2NoZW1hQ2xhc3NOYW1lIC1lcSAiZ3JvdXAiIC1hbmQgJF8uTmFtZSAtZXEgJHVzZXJuYW1lIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZ3JvdXAgPSAkbnVsbAogICAgICAgIH0KICAgICAgICBpZiAoJGdyb3VwKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGFjY291bnQgPSBOZXctT2JqZWN0IFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuTlRBY2NvdW50KCRkb21haW4sICR1c2VybmFtZSkKICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICMgd2hlbiBpbiBhIGRvbWFpbiBOVEFjY291bnQoU3RyaW5nKSB3aWxsIGZhdm91ciBkb21haW4gbG9va3VwcyBjaGVjawogICAgICAgICMgaWYgdXNlcm5hbWUgaXMgYSBsb2NhbCB1c2VyIGFuZCBleHBsaWN0bHkgc2VhcmNoIG9uIHRoZSBsb2NhbGhvc3QgZm9yCiAgICAgICAgIyB0aGF0IGFjY291bnQKICAgICAgICAkYWRzaSA9IFtBRFNJXSgiV2luTlQ6Ly8kZW52OkNPTVBVVEVSTkFNRSxjb21wdXRlciIpCiAgICAgICAgJHVzZXIgPSAkYWRzaS5wc2Jhc2UuY2hpbGRyZW4gfCBXaGVyZS1PYmplY3QgeyAkXy5zY2hlbWFDbGFzc05hbWUgLWVxICJ1c2VyIiAtYW5kICRfLk5hbWUgLWVxICR1c2VybmFtZSB9CiAgICAgICAgaWYgKCR1c2VyKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkZW52OkNPTVBVVEVSTkFNRSwgJHVzZXJuYW1lKQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfQogICAgfQogICAgCiAgICB0cnkgewogICAgICAgICRhY2NvdW50X3NpZCA9ICRhY2NvdW50LlRyYW5zbGF0ZShbU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXJdKQogICAgfSBjYXRjaCB7CiAgICAgICAgRmFpbC1Kc29uIEB7fSAiYWNjb3VudF9uYW1lICRhY2NvdW50X25hbWUgaXMgbm90IGEgdmFsaWQgYWNjb3VudCwgY2Fubm90IGdldCBTSUQ6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQogICAgCiAgICByZXR1cm4gJGFjY291bnRfc2lkLlZhbHVlCn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWd ScriptBlock ID: aac69e9f-ffd9-44fb-a1da-4ef0a68e58b6 Path:	4104	1		3	2	15	0	1682	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4536	4280	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:56 PM	fe3d87aa-a761-0004-5d88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1681	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4536	4456	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:56 PM	fe3d87aa-a761-0004-5b88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4536 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1680	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4536	4300	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:56 PM	fe3d87aa-a761-0004-5b88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1679	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4536	4456	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:56 PM	fe3d87aa-a761-0004-5b88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = Exception calling ".ctor" with "1" argument(s): "Value was invalid. Parameter name: sddlForm" Fully Qualified Error ID = ConstructorInvokedThrowException,Microsoft.PowerShell.Commands.NewObjectCommand Context: Severity = Warning Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = a6444059-3486-44a8-aa26-5d7f7bf7ce0d Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = b46b8237-6691-4409-83ae-e095dad66514 Pipeline ID = 6 Command Name = New-Object Command Type = Cmdlet Script Name = Command Path = Sequence Number = 33 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	1678	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3676	2760	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:48 PM	fe3d87aa-a761-0000-a788-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: af32fe86-de69-42cd-b983-560ef4b571c6 Path:	4104	1		3	2	15	0	1677	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3676	4860	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:47 PM	fe3d87aa-a761-0001-7e88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: f6542831-9bc8-47b0-8124-455774ac33fa Path:	4104	1		3	2	15	0	1676	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3676	4860	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:47 PM	fe3d87aa-a761-0001-7788-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): lcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIGRlbGV0ZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VDb25maWd1cmF0aW9uKCRzdmMpIHsKICAgICR3bWlfc3ZjID0gR2V0LUNpbUluc3RhbmNlIC1DbGFzc05hbWUgV2luMzJfU2VydmljZSAtRmlsdGVyICJuYW1lPSckKCRzdmMuTmFtZSknIgogICAgR2V0LVNlcnZpY2VJbmZvIC1uYW1lICRzdmMuTmFtZQogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1lcSAkdHJ1ZSAtYW5kICgtbm90ICgkcmVzdWx0LnVzZXJuYW1lIC1lcSAnTG9jYWxTeXN0ZW0nIC1vciAkdXNlcm5hbWUgLWVxICdMb2NhbFN5c3RlbScpKSkgewogICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgZGVza3RvcF9pbnRlcmFjdCB0byB0cnVlIHdoZW4gc2VydmljZSBpcyBydW4gd2l0aC9vciAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgogICAgfQoKICAgIGlmICgkc3RhcnRfbW9kZSAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZVN0YXJ0TW9kZSAtc3ZjICRzdmMgLXN0YXJ0X21vZGUgJHN0YXJ0X21vZGUKICAgIH0KCiAgICBpZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlQWNjb3VudCAtd21pX3N2YyAkd21pX3N2YyAtdXNlcm5hbWVfc2lkICR1c2VybmFtZV9zaWQgLXVzZXJuYW1lICR1c2VybmFtZSAtcGFzc3dvcmQgJHBhc3N3b3JkCiAgICB9CgogICAgaWYgKCRkaXNwbGF5X25hbWUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSAtc3ZjICRzdmMgLWRpc3BsYXlfbmFtZSAkZGlzcGxheV9uYW1lCiAgICB9CgogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlRGVza3RvcEludGVyYWN0IC13bWlfc3ZjICR3bWlfc3ZjIC1kZXNrdG9wX2ludGVyYWN0ICRkZXNrdG9wX2ludGVyYWN0CiAgICB9CgogICAgaWYgKCRkZXNjcmlwdGlvbiAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlc2NyaXB0aW9uIC1zdmMgJHN2YyAtZGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uCiAgICB9CgogICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlUGF0aCAtbmFtZSAkc3ZjLk5hbWUgLXBhdGggJHBhdGgKICAgIH0KCiAgICBpZiAoJGRlcGVuZGVuY2llcyAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlcGVuZGVuY2llcyAtd21pX3N2YyAkd21pX3N2YyAtZGVwZW5kZW5jeV9hY3Rpb24gJGRlcGVuZGVuY3lfYWN0aW9uIC1kZXBlbmRlbmNpZXMgJGRlcGVuZGVuY2llcwogICAgfQoKICAgIGlmICgkc3RhdGUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VTdGF0ZSAtc3ZjICRzdmMgLXdtaV9zdmMgJHdtaV9zdmMgLXN0YXRlICRzdGF0ZQogICAgfQp9CgojIG5lZWQgdG8gdXNlIFdoZXJlLU9iamVjdCBhcyAtTmFtZSBkb2Vzbid0IHdvcmsgd2l0aCBbXSBpbiB0aGUgc2VydmljZSBuYW1lCiMgaHR0cHM6Ly9naXRodWIuY29tL2Fuc2libGUvYW5zaWJsZS9pc3N1ZXMvMzc2MjEKJHN2YyA9IEdldC1TZXJ2aWNlIHwgV2hlcmUtT2JqZWN0IHsgJF8uTmFtZSAtZXEgJG5hbWUgLW9yICRfLkRpc3BsYXlOYW1lIC1lcSAkbmFtZSB9CmlmICgkc3ZjKSB7CiAgICBTZXQtU2VydmljZUNvbmZpZ3VyYXRpb24gLXN2YyAkc3ZjCn0gZWxzZSB7CiAgICAkcmVzdWx0LmV4aXN0cyA9ICRmYWxzZQogICAgaWYgKCRzdGF0ZSAtbmUgJ2Fic2VudCcpIHsKICAgICAgICAjIENoZWNrIGlmIHBhdGggaXMgZGVmaW5lZCwgaWYgc28gY3JlYXRlIHRoZSBzZXJ2aWNlCiAgICAgICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgTmV3LVNlcnZpY2UgLU5hbWUgJG5hbWUgLUJpbmFyeVBhdGhuYW1lICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCgogICAgICAgICAgICAkc3ZjID0gR2V0LVNlcnZpY2UgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAkbmFtZSB9CiAgICAgICAgICAgIFNldC1TZXJ2aWNlQ29uZmlndXJhdGlvbiAtc3ZjICRzdmMKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAjIFdlIHdpbGwgb25seSByZWFjaCBoZXJlIGlmIHRoZSBzZXJ2aWNlIGlzIGluc3RhbGxlZCBhbmQgdGhlIHN0YXRlIGlzIG5vdCBhYnNlbnQKICAgICAgICAgICAgIyBXaWxsIGNoZWNrIGlmIGFueSBvZiB0aGUgZGVmYXVsdCBhY3Rpb25zIGFyZSBzZXQgYW5kIGZhaWwgYXMgd2UgY2Fubm90IGFjdGlvbiBpdAogICAgICAgICAgICBpZiAoJHN0YXJ0X21vZGUgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJHN0YXRlIC1uZSAkbnVsbCAtb3IKICAgICAgICAgICAgICAgICR1c2VybmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkcGFzc3dvcmQgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRpc3BsYXlfbmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkZGVzY3JpcHRpb24gLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlc2t0b3BfaW50ZXJhY3QgLW5lICRmYWxzZSAtb3IKICAgICAgICAgICAgICAgICRkZXBlbmRlbmNpZXMgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlcGVuZGVuY3lfYWN0aW9uIC1uZSAnc2V0JykgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJTZXJ2aWNlICckbmFtZScgaXMgbm90IGluc3RhbGxlZCwgbmVlZCB0byBzZXQgJ3BhdGgnIHRvIGNyZWF0ZSBhIG5ldyBzZXJ2aWNlIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgfQp9CgojIEFmdGVyIG1ha2luZyBhIGNoYW5nZSwgbGV0J3MgZ2V0IHRoZSBzZXJ2aWNlIGluZm8gYWdhaW4gdW5sZXNzIHdlIGRlbGV0ZWQgaXQKaWYgKCRzdGF0ZSAtZXEgJ2Fic2VudCcpIHsKICAgICMgUmVjcmVhdGUgcmVzdWx0IHNvIGl0IGRvZXNuJ3QgaGF2ZSB0aGUgZXh0cmEgbWV0YSBkYXRhIG5vdyB0aGF0IGlzIGhhcyBiZWVuIGRlbGV0ZWQKICAgICRjaGFuZ2VkID0gJHJlc3VsdC5jaGFuZ2VkCiAgICAkcmVzdWx0ID0gQHsKICAgICAgICBjaGFuZ2VkID0gJGNoYW5nZWQKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfSBlbHNlaWYgKCRzdmMgLW5lICRudWxsKSB7CiAgICBHZXQtU2VydmljZUluZm8gLW5hbWUgJG5hbWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_check_mode": false, "display_name": "nova-compute", "_ansible_module_name": "win_service", "state": "started", "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "username": "administrator@cbci-851359-2.local", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "description": "OpenStack nova Compute Service", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "path": "c:\\openstack\\bin\\OpenStackService.exe nova-compute c:\\python38\\scripts\\nova-compute.exe --config-file c:\\openstack\\etc\\nova.conf", "password": "Passw0rd", "_ansible_no_log": false, "name": "nova-compute", "start_mode": "auto", "_ansible_verbosity": 2, "_ansible_diff": false, "_ansible_remote_tmp": "%TEMP%", "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: c772e0e3-9cd6-4e88-ae5f-b0a9e0571960 Path:	4104	1		3	2	15	0	1675	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3676	4860	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:47 PM	fe3d87aa-a761-0001-7188-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): UpIHsKICAgICAgICAgICAgJGV4aXN0aW5nX2RlcGVuZGVkX2J5ICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgJGRlc2NyaXB0aW9uID0gJHdtaV9zdmMuRGVzY3JpcHRpb24KICAgIGlmICgkZGVzY3JpcHRpb24gLWVxICRudWxsKSB7CiAgICAgICAgJGRlc2NyaXB0aW9uID0gIiIKICAgIH0KCiAgICAkcmVzdWx0LmV4aXN0cyA9ICR0cnVlCiAgICAkcmVzdWx0Lm5hbWUgPSAkc3ZjLk5hbWUKICAgICRyZXN1bHQuZGlzcGxheV9uYW1lID0gJHN2Yy5EaXNwbGF5TmFtZQogICAgJHJlc3VsdC5zdGF0ZSA9ICRzdmMuU3RhdHVzLlRvU3RyaW5nKCkuVG9Mb3dlcigpCiAgICAkcmVzdWx0LnN0YXJ0X21vZGUgPSAkYWN0dWFsX3N0YXJ0X21vZGUKICAgICRyZXN1bHQucGF0aCA9ICR3bWlfc3ZjLlBhdGhOYW1lCiAgICAkcmVzdWx0LmRlc2NyaXB0aW9uID0gJGRlc2NyaXB0aW9uCiAgICAkcmVzdWx0LnVzZXJuYW1lID0gJHdtaV9zdmMuU3RhcnROYW1lCiAgICAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QgPSAkd21pX3N2Yy5EZXNrdG9wSW50ZXJhY3QKICAgICRyZXN1bHQuZGVwZW5kZW5jaWVzID0gJGV4aXN0aW5nX2RlcGVuZGVuY2llcwogICAgJHJlc3VsdC5kZXBlbmRlZF9ieSA9ICRleGlzdGluZ19kZXBlbmRlZF9ieQogICAgJHJlc3VsdC5jYW5fcGF1c2VfYW5kX2NvbnRpbnVlID0gJHN2Yy5DYW5QYXVzZUFuZENvbnRpbnVlCn0KCkZ1bmN0aW9uIEdldC1XbWlFcnJvck1lc3NhZ2UoJHJldHVybl92YWx1ZSkgewogICAgIyBUaGVzZSB2YWx1ZXMgYXJlIGRlcml2ZWQgZnJvbSBodHRwczovL21zZG4ubWljcm9zb2Z0LmNvbS9lbi11cy9saWJyYXJ5L2FhMzg0OTAxKHY9dnMuODUpLmFzcHgKICAgIHN3aXRjaCAoJHJldHVybl92YWx1ZSkgewogICAgICAgIDEgeyAiTm90IFN1cHBvcnRlZDogVGhlIHJlcXVlc3QgaXMgbm90IHN1cHBvcnRlZCIgfQogICAgICAgIDIgeyAiQWNjZXNzIERlbmllZDogVGhlIHVzZXIgZGlkIG5vdCBoYXZlIHRoZSBuZWNlc3NhcnkgYWNjZXNzIiB9CiAgICAgICAgMyB7ICJEZXBlbmRlbnQgU2VydmljZXMgUnVubmluZzogVGhlIHNlcnZpY2UgY2Fubm90IGJlIHN0b3BwZWQgYmVjYXVzZSBvdGhlciBzZXJ2aWNlcyB0aGF0IGFyZSBydW5uaW5nIGFyZSBkZXBlbmRlbnQgb24gaXQiIH0KICAgICAgICA0IHsgIkludmFsaWQgU2VydmljZSBDb250cm9sOiBUaGUgcmVxdWVzdGVkIGNvbnRyb2wgY29kZSBpcyBub3QgdmFsaWQsIG9yIGl0IGlzIHVuYWNjZXB0YWJsZSB0byB0aGUgc2VydmljZSIgfQogICAgICAgIDUgeyAiU2VydmljZSBDYW5ub3QgQWNjZXB0IENvbnRyb2w6IFRoZSByZXF1ZXN0ZWQgY29udHJvbCBjb2RlIGNhbm5vdCBiZSBzZW50IHRvIHRoZSBzZXJ2aWNlIGJlY2F1c2UgdGhlIHN0YXRlIG9mIHRoZSBzZXJ2aWNlIChXaW4zMl9CYXNlU2VydmljZS5TdGF0ZSBwcm9wZXJ0eSkgaXMgZXF1YWwgdG8gMCwgMSwgb3IgMiIgfQogICAgICAgIDYgeyAiU2VydmljZSBOb3QgQWN0aXZlOiBUaGUgc2VydmljZSBoYXMgbm90IGJlZW4gc3RhcnRlZCIgfQogICAgICAgIDcgeyAiU2VydmljZSBSZXF1ZXN0IFRpbWVvdXQ6IFRoZSBzZXJ2aWNlIGRpZCBub3QgcmVzcG9uZCB0byB0aGUgc3RhcnQgcmVxdWVzdCBpbiBhIHRpbWVseSBmYXNoaW9uIiB9CiAgICAgICAgOCB7ICJVbmtub3duIEZhaWx1cmU6IFVua25vd24gZmFpbHVyZSB3aGVuIHN0YXJ0aW5nIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgOSB7ICJQYXRoIE5vdCBGb3VuZDogVGhlIGRpcmVjdG9yeSBwYXRoIHRvIHRoZSBzZXJ2aWNlIGV4ZWN1dGFibGUgZmlsZSB3YXMgbm90IGZvdW5kIiB9CiAgICAgICAgMTAgeyAiU2VydmljZSBBbHJlYWR5IFJ1bm5pbmc6IFRoZSBzZXJ2aWNlIGlzIGFscmVhZHkgcnVubmluZyIgfQogICAgICAgIDExIHsgIlNlcnZpY2UgRGF0YWJhc2UgTG9ja2VkOiBUaGUgZGF0YWJhc2UgdG8gYWRkIGEgbmV3IHNlcnZpY2UgaXMgbG9ja2VkIiB9CiAgICAgICAgMTIgeyAiU2VydmljZSBEZXBlbmRlbmN5IERlbGV0ZWQ6IEEgZGVwZW5kZW5jeSB0aGlzIHNlcnZpY2UgcmVsaWVzIG9uIGhhcyBiZWVuIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTMgeyAiU2VydmljZSBEZXBlbmRlbmN5IEZhaWx1cmU6IFRoZSBzZXJ2aWNlIGZhaWxlZCB0byBmaW5kIHRoZSBzZXJ2aWNlIG5lZWRlZCBmcm9tIGEgZGVwZW5kZW50IHNlcnZpY2UiIH0KICAgICAgICAxNCB7ICJTZXJ2aWNlIERpc2FibGVkOiBUaGUgc2VydmljZSBoYXMgYmVlbiBkaXNhYmxlZCBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAxNSB7ICJTZXJ2aWNlIExvZ29uIEZhaWxlZDogVGhlIHNlcnZpY2UgZG9lcyBub3QgaGF2ZSB0aGUgY29ycmVjdCBhdXRoZW50aWNhdGlvbiB0byBydW4gb24gdGhlIHN5c3RlbSIgfQogICAgICAgIDE2IHsgIlNlcnZpY2UgTWFya2VkIEZvciBEZWxldGlvbjogVGhpcyBzZXJ2aWNlIGlzIGJlaW5nIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTcgeyAiU2VydmljZSBObyBUaHJlYWQ6IFRoZSBzZXJ2aWNlIGhhcyBubyBleGVjdXRpb24gdGhyZWFkIiB9CiAgICAgICAgMTggeyAiU3RhdHVzIENpcmN1bGFyIERlcGVuZGVuY3k6IFRoZSBzZXJ2aWNlIGhhcyBjaXJjdWxhciBkZXBlbmRlbmNpZXMgd2hlbiBpdCBzdGFydHMiIH0KICAgICAgICAxOSB7ICJTdGF0dXMgRHVwbGljYXRlIE5hbWU6IEEgc2VydmljZSBpcyBydW5uaW5nIHVuZGVyIHRoZSBzYW1lIG5hbWUiIH0KICAgICAgICAyMCB7ICJTdGF0dXMgSW52YWxpZCBOYW1lOiBUaGUgc2VydmljZSBuYW1lIGhhcyBpbnZhbGlkIGNoYXJhY3RlcnMiIH0KICAgICAgICAyMSB7ICJTdGF0dXMgSW52YWxpZCBQYXJhbWV0ZXI6IEludmFsaWQgcGFyYW1ldGVycyBoYXZlIGJlZW4gcGFzc2VkIHRvIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjIgeyAiU3RhdHVzIEludmFsaWQgU2VydmljZSBBY2NvdW50OiBUaGUgYWNjb3VudCB1bmRlciB3aGljaCB0aGlzIHNlcnZpY2UgcnVucyBpcyBlaXRoZXIgaW52YWxpZCBvciBsYWNrcyB0aGUgcGVybWlzc2lvbnMgdG8gcnVuIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjMgeyAiU3RhdHVzIFNlcnZpY2UgRXhpc3RzOiBUaGUgc2VydmljZSBleGlzdHMgaW4gdGhlIGRhdGFiYXNlIG9mIHNlcnZpY2VzIGF2YWlsYWJsZSBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAyNCB7ICJTZXJ2aWNlIEFscmVhZHkgUGF1c2VkOiBUaGUgc2VydmljZSBpcyBjdXJyZW50bHkgcGF1c2VkIGluIHRoZSBzeXN0ZW0iIH0KICAgICAgICBkZWZhdWx0IHsgIk90aGVyIEVycm9yIiB9CiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1EZWxheWVkU3RhdHVzKCRuYW1lKSB7CiAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIgogICAgdHJ5IHsKICAgICAgICAkZGVsYXllZCA9IENvbnZlcnRUby1Cb29sICgoR2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5KS5EZWxheWVkQXV0b3N0YXJ0KQogICAgfSBjYXRjaCB7CiAgICAgICAgJGRlbGF5ZWQgPSAkZmFsc2UKICAgIH0KCiAgICAkZGVsYXllZAp9CgpGdW5jdGlvbiBTZXQtU2VydmljZVN0YXJ0TW9kZSgkc3ZjLCAkc3RhcnRfbW9kZSkgewogICAgaWYgKCRyZXN1bHQuc3RhcnRfbW9kZSAtbmUgJHN0YXJ0X21vZGUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCQoJHN2Yy5OYW1lKSIKICAgICAgICAgICAgIyBPcmlnaW5hbCBzdGFydCB1cCB0eXBlIHdhcyBhdXRvIChkZWxheWVkKSBhbmQgd2Ugd2FudCBhdXRvLCBuZWVkIHRvIHJlbW92ZWQgZGVsYXllZCBrZXkKICAgICAgICAgICAgaWYgKCRzdGFydF9tb2RlIC1lcSAnYXV0bycgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMCAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgYXV0byBhbmQgd2Ugd2FudCBhdXRvIChkZWxheWVkKSwgbmVlZCB0byBhZGQgZGVsYXllZCBrZXkKICAgICAgICAgICAgfSBlbHNlaWYgKCRzdGFydF9tb2RlIC1lcSAnZGVsYXllZCcgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IGF1dG8gb3IgYXV0byAoZGVsYXllZCksIG5lZWQgdG8gY2hhbmdlIHRvIGF1dG8gYW5kIGFkZCBkZWxheWVkIGtleQogICAgICAgICAgICB9IGVsc2VpZiAoJHN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgJHN2YyB8IFNldC1TZXJ2aWNlIC1TdGFydHVwVHlwZSAiYXV0byIgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IHdoYXQgd2Ugd2VyZSBsb29raW5nIGZvciwganVzdCBjaGFuZ2UgdG8gdGhhdCB0eXBlCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLVN0YXJ0dXBUeXBlICRzdGFydF9tb2RlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZUFjY291bnQoJHdtaV9zdmMsICR1c2VybmFtZV9zaWQsICR1c2VybmFtZSwgJHBhc3N3b3JkKSB7CiAgICBpZiAoJHJlc3VsdC51c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICRhY3R1YWxfc2lkID0gIlMtMS01LTE4IgogICAgfSBlbHNlIHsKICAgICAgICAkYWN0dWFsX3NpZCA9IENvbnZlcnQtVG9TSUQgLWFjY291bnRfbmFtZSAkcmVzdWx0LnVzZXJuYW1lCiAgICB9CgogICAgaWYgKCRhY3R1YWxfc2lkIC1uZSAkdXNlcm5hbWVfc2lkKSB7CiAgICAgICAgJGNoYW5nZV9hcmd1bWVudHMgPSBAewogICAgICAgICAgICBTdGFydE5hbWUgPSAkdXNlcm5hbWUKICAgICAgICAgICAgU3RhcnRQYXNzd29yZCA9ICRwYXNzd29yZAogICAgICAgICAgICBEZXNrdG9wSW50ZXJhY3QgPSAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QKICAgICAgICB9CiAgICAgICAgIyBuZWVkIHRvIGRpc2FibGUgZGVza3RvcCBpbnRlcmFjdCB3aGVuIG5vdCB1c2luZyB0aGUgU1lTVEVNIGFjY291bnQKICAgICAgICBpZiAoJHVzZXJuYW1lX3NpZCAtbmUgIlMtMS01LTE4IikgewogICAgICAgICAgICAkY2hhbmdlX2FyZ3VtZW50cy5EZXNrdG9wSW50ZXJhY3QgPSAkZmFsc2UKICAgICAgICB9CgogICAgICAgICNXTUkuQ2hhbmdlIGRvZXNuJ3Qgc3VwcG9ydCAtV2hhdElmLCBjYW5ub3QgZnVsbHkgdGVzdCB3aXRoIGNoZWNrX21vZGUKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzICRjaGFuZ2VfYXJndW1lbnRzCiAgICAgICAgICAgIGlmICgkcmV0dXJuLlJldHVyblZhbHVlIC1uZSAwKSB7CiAgICAgICAgICAgICAgICAkZXJyb3JfbXNnID0gR2V0LVdtaUVycm9yTWVzc2FnZSAtcmV0dXJuX3ZhbHVlICRyZXN1bHQuUmV0dXJuVmFsdWUKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBhY2NvdW50IHRvICQoJHVzZXJuYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9ICAgICAgICAKCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXNrdG9wSW50ZXJhY3QoJHdtaV9zdmMsICRkZXNrdG9wX2ludGVyYWN0KSB7CiAgICBpZiAoJHJlc3VsdC5kZXNrdG9wX2ludGVyYWN0IC1uZSAkZGVza3RvcF9pbnRlcmFjdCkgewogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICRyZXR1cm4gPSAkd21pX3N2YyB8IEludm9rZS1DaW1NZXRob2QgLU1ldGhvZE5hbWUgQ2hhbmdlIC1Bcmd1bWVudHMgQHtEZXNrdG9wSW50ZXJhY3QgPSAkZGVza3RvcF9pbnRlcmFjdH0KICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIHNldCBkZXNrdG9wIGludGVyYWN0ICQoJGRlc2t0b3BfaW50ZXJhY3QpOiAkKCRyZXR1cm4uUmV0dXJuVmFsdWUpIC0gJGVycm9yX21zZyIKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSgkc3ZjLCAkZGlzcGxheV9uYW1lKSB7CiAgICBpZiAoJHJlc3VsdC5kaXNwbGF5X25hbWUgLW5lICRkaXNwbGF5X25hbWUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLURpc3BsYXlOYW1lICRkaXNwbGF5X25hbWUgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZURlc2NyaXB0aW9uKCRzdmMsICRkZXNjcmlwdGlvbikgewogICAgaWYgKCRyZXN1bHQuZGVzY3JpcHRpb24gLW5lICRkZXNjcmlwdGlvbikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgICRzdmMgfCBTZXQtU2VydmljZSAtRGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VQYXRoKCRuYW1lLCAkcGF0aCkgewogICAgaWYgKCRyZXN1bHQucGF0aCAtbmUgJHBhdGgpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICBTZXQtSXRlbVByb3BlcnR5IC1MaXRlcmFsUGF0aCAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIiAtTmFtZSBJbWFnZVBhdGggLVZhbHVlICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXBlbmRlbmNpZXMoJHdtaV9zdmMsICRkZXBlbmRlbmN5X2FjdGlvbiwgJGRlcGVuZGVuY2llcykgewogICAgJGV4aXN0aW5nX2RlcGVuZGVuY2llcyA9ICRyZXN1bHQuZGVwZW5kZW5jaWVzCiAgICBbU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdF0kbmV3X2RlcGVuZGVuY2llcyA9IEAoKQoKICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdzZXQnKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGRlcGVuZGVuY2llcykgewogICAgICAgICAgICAkbmV3X2RlcGVuZGVuY2llcy5BZGQoJGRlcGVuZGVuY3kpCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkbmV3X2RlcGVuZGVuY2llcyA9ICRleGlzdGluZ19kZXBlbmRlbmNpZXMKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdyZW1vdmUnKSB7CiAgICAgICAgICAgICAgICBpZiAoJG5ld19kZXBlbmRlbmNpZXMgLWNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICAgICAgICAgJG5ld19kZXBlbmRlbmNpZXMuUmVtb3ZlKCRkZXBlbmRlbmN5KQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2VpZiAoJGRlcGVuZGVuY3lfYWN0aW9uIC1lcSAnYWRkJykgewogICAgICAgICAgICAgICAgaWYgKCRuZXdfZGVwZW5kZW5jaWVzIC1ub3Rjb250YWlucyAkZGVwZW5kZW5jeSkgewogICAgICAgICAgICAgICAgICAgICRuZXdfZGVwZW5kZW5jaWVzLkFkZCgkZGVwZW5kZW5jeSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAkd2lsbF9jaGFuZ2UgPSAkZmFsc2UKICAgIGZvcmVhY2ggKCRkZXBlbmRlbmN5IGluICRuZXdfZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgaWYgKCRleGlzdGluZ19kZXBlbmRlbmNpZXMgLW5vdGNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICR3aWxsX2NoYW5nZSA9ICR0cnVlCiAgICAgICAgfQogICAgfQogICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGV4aXN0aW5nX2RlcGVuZGVuY2llcykgewogICAgICAgIGlmICgkbmV3X2RlcGVuZGVuY2llcyAtbm90Y29udGFpbnMgJGRlcGVuZGVuY3kpIHsKICAgICAgICAgICAgJHdpbGxfY2hhbmdlID0gJHRydWUKICAgICAgICB9CiAgICB9CgogICAgaWYgKCR3aWxsX2NoYW5nZSAtZXEgJHRydWUpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzIEB7U2VydmljZURlcGVuZGVuY2llcyA9ICRuZXdfZGVwZW5kZW5jaWVzfQogICAgICAgICAgICBpZiAoJHJldHVybi5SZXR1cm5WYWx1ZSAtbmUgMCkgewogICAgICAgICAgICAgICAgJGVycm9yX21zZyA9IEdldC1XbWlFcnJvck1lc3NhZ2UgLXJldHVybl92YWx1ZSAkcmV0dXJuLlJldHVyblZhbHVlCiAgICAgICAgICAgICAgICAkZGVwX3N0cmluZyA9ICRuZXdfZGVwZW5kZW5jaWVzIC1qb2luICIsICIKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBkZXBlbmRlbmNpZXMgJCgkZGVwX3N0cmluZyk6ICQoJHJldHVybi5SZXR1cm5WYWx1ZSkgLSAkZXJyb3JfbXNnIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1TZXJ2aWNlU3RhdGUoJHN2YywgJHdtaV9zdmMsICRzdGF0ZSkgewogICAgaWYgKCRzdGF0ZSAtZXEgInN0YXJ0ZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInJ1bm5pbmciKSB7CiAgICAgICAgaWYgKCRyZXN1bHQuc3RhdGUgLWVxICJwYXVzZWQiKSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgUmVzdW1lLVNlcnZpY2UgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJmYWlsZWQgdG8gc3RhcnQgc2VydmljZSBmcm9tIHBhdXNlZCBzdGF0ZSAkKCRzdmMuTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgdHJ5IHsKICAgICAgICAgICAgICAgICRzdmMgfCBTdGFydC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInN0b3BwZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInN0b3BwZWQiKSB7CiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHN2YyB8IFN0b3AtU2VydmljZSAtRm9yY2U6JGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICRfLkV4Y2VwdGlvbi5NZXNzYWdlCiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInJlc3RhcnRlZCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgUmVzdGFydC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAicGF1c2VkIiAtYW5kICRyZXN1bHQuc3RhdGUgLW5lICJwYXVzZWQiKSB7CiAgICAgICAgIyBjaGVjayB0aGF0IHdlIGNhbiBhY3R1YWxseSBwYXVzZSB0aGUgc2VydmljZQogICAgICAgIGlmICgkcmVzdWx0LmNhbl9wYXVzZV9hbmRfY29udGludWUgLWVxICRmYWxzZSkgewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAiZmFpbGVkIHRvIHBhdXNlIHNlcnZpY2UgJCgkc3ZjLk5hbWUpOiBUaGUgc2VydmljZSBkb2VzIG5vdCBzdXBwb3J0IHBhdXNpbmciCiAgICAgICAgfQoKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3VzcGVuZC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgImZhaWxlZCB0byBwYXVzZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkiCiAgICAgICAgfQogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgImFic2VudCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3RvcC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgJHJldHVybiA9ICR3bWlfc3ZjIHwgSW52b2tlLUNpbU1ldGhvZCAtTWV0aG9kTmFtZSBEZWxldGUKICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICR ScriptBlock ID: c772e0e3-9cd6-4e88-ae5f-b0a9e0571960 Path:	4104	1		3	2	15	0	1674	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3676	4860	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:47 PM	fe3d87aa-a761-0001-7188-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): F1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTQsIENocmlzIEhvZmZtYW4gPGNob2ZmbWFuQGNoYXRoYW1maW5hbmNpYWwuY29tPgojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5TSUQKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRjaGVja19tb2RlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ19hbnNpYmxlX2NoZWNrX21vZGUnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKCiRkZXBlbmRlbmNpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVwZW5kZW5jaWVzJyAtdHlwZSAnbGlzdCcgLWRlZmF1bHQgJG51bGwKJGRlcGVuZGVuY3lfYWN0aW9uID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2RlcGVuZGVuY3lfYWN0aW9uJyAtdHlwZSAnc3RyJyAtZGVmYXVsdCAnc2V0JyAtdmFsaWRhdGVzZXQgJ2FkZCcsJ3JlbW92ZScsJ3NldCcgCiRkZXNjcmlwdGlvbiA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdkZXNjcmlwdGlvbicgLXR5cGUgJ3N0cicKJGRlc2t0b3BfaW50ZXJhY3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVza3RvcF9pbnRlcmFjdCcgLXR5cGUgJ2Jvb2wnIC1kZWZhdWx0ICRmYWxzZQokZGlzcGxheV9uYW1lID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2Rpc3BsYXlfbmFtZScgLXR5cGUgJ3N0cicKJGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdmb3JjZV9kZXBlbmRlbnRfc2VydmljZXMnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKJG5hbWUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnbmFtZScgLXR5cGUgJ3N0cicgLWZhaWxpZmVtcHR5ICR0cnVlCiRwYXNzd29yZCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdwYXNzd29yZCcgLXR5cGUgJ3N0cicKJHBhdGggPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAncGF0aCcKJHN0YXJ0X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhcnRfbW9kZScgLXR5cGUgJ3N0cicgLXZhbGlkYXRlc2V0ICdhdXRvJywnbWFudWFsJywnZGlzYWJsZWQnLCdkZWxheWVkJwokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhdGUnIC10eXBlICdzdHInIC12YWxpZGF0ZXNldCAnc3RhcnRlZCcsJ3N0b3BwZWQnLCdyZXN0YXJ0ZWQnLCdhYnNlbnQnLCdwYXVzZWQnCiR1c2VybmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICd1c2VybmFtZScgLXR5cGUgJ3N0cicKCiRyZXN1bHQgPSBAewogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgojIHBhcnNlIHRoZSB1c2VybmFtZSB0byBTSUQgYW5kIGJhY2sgc28gd2UgZ2V0IHRoZSBmdWxsIHVzZXJuYW1lIHdpdGggZG9tYWluIGluIGEgd2F5IFdNSSB1bmRlcnN0YW5kcwppZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgaWYgKCR1c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICR1c2VybmFtZV9zaWQgPSAiUy0xLTUtMTgiCiAgICB9IGVsc2UgewogICAgICAgICR1c2VybmFtZV9zaWQgPSBDb252ZXJ0LVRvU0lEIC1hY2NvdW50X25hbWUgJHVzZXJuYW1lCiAgICB9CgogICAgIyB0aGUgU1lTVEVNIGFjY291bnQgaXMgYSBzcGVjaWFsIGJlYXN0LCBXaW4zMl9TZXJ2aWNlIENoYW5nZSByZXF1aXJlcyBTdGFydE5hbWUgdG8gYmUgTG9jYWxTeXN0ZW0KICAgICMgdG8gc3BlY2lmeSBMb2NhbFN5c3RlbS9OVCBBVVRIT1JJVFlcU1lTVEVNCiAgICBpZiAoJHVzZXJuYW1lX3NpZCAtZXEgIlMtMS01LTE4IikgewogICAgICAgICR1c2VybmFtZSA9ICJMb2NhbFN5c3RlbSIKICAgICAgICAkcGFzc3dvcmQgPSAkbnVsbAogICAgfSBlbHNlIHsKICAgICAgICAjIFdpbjMyX1NlcnZpY2UsIHBhc3N3b3JkIG11c3QgYmUgIiIgYW5kIG5vdCAkbnVsbCB3aGVuIHNldHRpbmcgdG8gTG9jYWxTZXJ2aWNlIG9yIE5ldHdvcmtTZXJ2aWNlCiAgICAgICAgaWYgKCR1c2VybmFtZV9zaWQgLWluIEAoIlMtMS01LTE5IiwgIlMtMS01LTIwIikpIHsKICAgICAgICAgICAgJHBhc3N3b3JkID0gIiIKICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gQ29udmVydC1Gcm9tU0lEIC1zaWQgJHVzZXJuYW1lX3NpZAogICAgfQp9CmlmICgkcGFzc3dvcmQgLW5lICRudWxsIC1hbmQgJHVzZXJuYW1lIC1lcSAkbnVsbCkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBhcmd1bWVudCAndXNlcm5hbWUnIG11c3QgYmUgc3VwcGxpZWQgd2l0aCAncGFzc3dvcmQnIgp9CmlmICgkZGVza3RvcF9pbnRlcmFjdCAtZXEgJHRydWUgLWFuZCAoLW5vdCAoJHVzZXJuYW1lIC1lcSAiTG9jYWxTeXN0ZW0iIC1vciAkdXNlcm5hbWUgLWVxICRudWxsKSkpIHsKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgJ2Rlc2t0b3BfaW50ZXJhY3QnIHRvIHRydWUgd2hlbiAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgp9CmlmICgkcGF0aCAtbmUgJG51bGwpIHsKICAgICRwYXRoID0gW1N5c3RlbS5FbnZpcm9ubWVudF06OkV4cGFuZEVudmlyb25tZW50VmFyaWFibGVzKCRwYXRoKQp9CgpGdW5jdGlvbiBHZXQtU2VydmljZUluZm8oJG5hbWUpIHsKICAgICMgTmVlZCB0byBnZXQgbmV3IG9iamVjdHMgc28gd2UgaGF2ZSB0aGUgbGF0ZXN0IGluZm8KICAgICRzdmMgPSBHZXQtU2VydmljZSB8IFdoZXJlLU9iamVjdCB7ICRfLk5hbWUgLWVxICRuYW1lIC1vciAkXy5EaXNwbGF5TmFtZSAtZXEgJG5hbWUgfQogICAgJHdtaV9zdmMgPSBHZXQtQ2ltSW5zdGFuY2UgLUNsYXNzTmFtZSBXaW4zMl9TZXJ2aWNlIC1GaWx0ZXIgIm5hbWU9JyQoJHN2Yy5OYW1lKSciCgogICAgIyBEZWxheWVkIHN0YXJ0X21vZGUgaXMgaW4gcmVhbGl0eSBBdXRvbWF0aWMgKERlbGF5ZWQpLCBuZWVkIHRvIGNoZWNrIHJlZyBrZXkgZm9yIHR5cGUKICAgICRkZWxheWVkID0gR2V0LURlbGF5ZWRTdGF0dXMgLW5hbWUgJHN2Yy5OYW1lCiAgICAkYWN0dWFsX3N0YXJ0X21vZGUgPSAkd21pX3N2Yy5TdGFydE1vZGUuVG9TdHJpbmcoKS5Ub0xvd2VyKCkgCiAgICBpZiAoJGRlbGF5ZWQgLWFuZCAkYWN0dWFsX3N0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICRhY3R1YWxfc3RhcnRfbW9kZSA9ICdkZWxheWVkJwogICAgfQoKICAgICRleGlzdGluZ19kZXBlbmRlbmNpZXMgPSBAKCkKICAgICRleGlzdGluZ19kZXBlbmRlZF9ieSA9IEAoKQogICAgaWYgKCRzdmMuU2VydmljZXNEZXBlbmRlZE9uLkNvdW50IC1ndCAwKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJHN2Yy5TZXJ2aWNlc0RlcGVuZGVkT24uTmFtZSkgewogICAgICAgICAgICAkZXhpc3RpbmdfZGVwZW5kZW5jaWVzICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgaWYgKCRzdmMuRGVwZW5kZW50U2VydmljZXMuQ291bnQgLWd0IDApIHsKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkc3ZjLkRlcGVuZGVudFNlcnZpY2VzLk5hbW ScriptBlock ID: c772e0e3-9cd6-4e88-ae5f-b0a9e0571960 Path:	4104	1		3	2	15	0	1673	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3676	4860	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:47 PM	fe3d87aa-a761-0001-7188-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.SID": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCkZ1bmN0aW9uIENvbnZlcnQtRnJvbVNJRCgkc2lkKSB7CiAgICAjIENvbnZlcnRzIGEgU0lEIHRvIGEgRG93bi1MZXZlbCBMb2dvbiBuYW1lIGluIHRoZSBmb3JtIG9mIERPTUFJTlxVc2VyTmFtZQogICAgIyBJZiB0aGUgU0lEIGlzIGZvciBhIGxvY2FsIHVzZXIgb3IgZ3JvdXAgdGhlbiBET01BSU4gd291bGQgYmUgdGhlIHNlcnZlcgogICAgIyBuYW1lLgoKICAgICRhY2NvdW50X29iamVjdCA9IE5ldy1PYmplY3QgU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXIoJHNpZCkKICAgIHRyeSB7CiAgICAgICAgJG50X2FjY291bnQgPSAkYWNjb3VudF9vYmplY3QuVHJhbnNsYXRlKFtTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudF0pCiAgICB9IGNhdGNoIHsKICAgICAgICBGYWlsLUpzb24gLW9iaiBAe30gLW1lc3NhZ2UgImZhaWxlZCB0byBjb252ZXJ0IHNpZCAnJHNpZCcgdG8gYSBsb2dvbiBuYW1lOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KCiAgICByZXR1cm4gJG50X2FjY291bnQuVmFsdWUKfQoKRnVuY3Rpb24gQ29udmVydC1Ub1NJRCB7CiAgICBbRGlhZ25vc3RpY3MuQ29kZUFuYWx5c2lzLlN1cHByZXNzTWVzc2FnZUF0dHJpYnV0ZSgiUFNBdm9pZFVzaW5nRW1wdHlDYXRjaEJsb2NrIiwgIiIsIEp1c3RpZmljYXRpb249IldlIGRvbid0IGNhcmUgaWYgY29udmVydGluZyB0byBhIFNJRCBmYWlscywganVzdCB0aGF0IGl0IGZhaWxlZCBvciBub3QiKV0KICAgIHBhcmFtKCRhY2NvdW50X25hbWUpCiAgICAjIENvbnZlcnRzIGFuIGFjY291bnQgbmFtZSB0byBhIFNJRCwgaXQgY2FuIHRha2UgaW4gdGhlIGZvbGxvd2luZyBmb3JtcwogICAgIyBTSUQ6IFdpbGwganVzdCByZXR1cm4gdGhlIFNJRCB2YWx1ZSB0aGF0IHdhcyBwYXNzZWQgaW4KICAgICMgVVBOOgogICAgIyAgIHByaW5jaXBhbEBkb21haW4gKERvbWFpbiB1c2VycyBvbmx5KQogICAgIyBEb3duLUxldmVsIExvZ2luIE5hbWUKICAgICMgICBET01BSU5ccHJpbmNpcGFsIChEb21haW4pCiAgICAjICAgU0VSVkVSTkFNRVxwcmluY2lwYWwgKExvY2FsKQogICAgIyAgIC5ccHJpbmNpcGFsIChMb2NhbCkKICAgICMgICBOVCBBVVRIT1JJVFlcU1lTVEVNIChMb2NhbCBTZXJ2aWNlIEFjY291bnRzKQogICAgIyBMb2dpbiBOYW1lCiAgICAjICAgcHJpbmNpcGFsIChMb2NhbC9Mb2NhbCBTZXJ2aWNlIEFjY291bnRzKQoKICAgIHRyeSB7CiAgICAgICAgJHNpZCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyIC1Bcmd1bWVudExpc3QgJGFjY291bnRfbmFtZQogICAgICAgIHJldHVybiAkc2lkLlZhbHVlCiAgICB9IGNhdGNoIHt9CgogICAgaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipcKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIlxcIgogICAgICAgIGlmICgkYWNjb3VudF9uYW1lX3NwbGl0WzBdIC1lcSAiLiIpIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRlbnY6Q09NUFVURVJOQU1FCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMF0KICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gJGFjY291bnRfbmFtZV9zcGxpdFsxXQogICAgfSBlbHNlaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipAKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIkAiCiAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMV0KICAgICAgICAkdXNlcm5hbWUgPSAkYWNjb3VudF9uYW1lX3NwbGl0WzBdCiAgICB9IGVsc2UgewogICAgICAgICRkb21haW4gPSAkbnVsbAogICAgICAgICR1c2VybmFtZSA9ICRhY2NvdW50X25hbWUKICAgIH0KCiAgICBpZiAoJGRvbWFpbikgewogICAgICAgICMgc2VhcmNoaW5nIGZvciBhIGxvY2FsIGdyb3VwIHdpdGggdGhlIHNlcnZlcm5hbWUgcHJlZml4ZWQgd2lsbCBmYWlsLAogICAgICAgICMgbmVlZCB0byBjaGVjayBmb3IgdGhpcyBzaXR1YXRpb24gYW5kIG9ubHkgdXNlIE5UQWNjb3VudChTdHJpbmcpCiAgICAgICAgaWYgKCRkb21haW4gLWVxICRlbnY6Q09NUFVURVJOQU1FKSB7CiAgICAgICAgICAgICRhZHNpID0gW0FEU0ldKCJXaW5OVDovLyRlbnY6Q09NUFVURVJOQU1FLGNvbXB1dGVyIikKICAgICAgICAgICAgJGdyb3VwID0gJGFkc2kucHNiYXNlLmNoaWxkcmVuIHwgV2hlcmUtT2JqZWN0IHsgJF8uc2NoZW1hQ2xhc3NOYW1lIC1lcSAiZ3JvdXAiIC1hbmQgJF8uTmFtZSAtZXEgJHVzZXJuYW1lIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZ3JvdXAgPSAkbnVsbAogICAgICAgIH0KICAgICAgICBpZiAoJGdyb3VwKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGFjY291bnQgPSBOZXctT2JqZWN0IFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuTlRBY2NvdW50KCRkb21haW4sICR1c2VybmFtZSkKICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICMgd2hlbiBpbiBhIGRvbWFpbiBOVEFjY291bnQoU3RyaW5nKSB3aWxsIGZhdm91ciBkb21haW4gbG9va3VwcyBjaGVjawogICAgICAgICMgaWYgdXNlcm5hbWUgaXMgYSBsb2NhbCB1c2VyIGFuZCBleHBsaWN0bHkgc2VhcmNoIG9uIHRoZSBsb2NhbGhvc3QgZm9yCiAgICAgICAgIyB0aGF0IGFjY291bnQKICAgICAgICAkYWRzaSA9IFtBRFNJXSgiV2luTlQ6Ly8kZW52OkNPTVBVVEVSTkFNRSxjb21wdXRlciIpCiAgICAgICAgJHVzZXIgPSAkYWRzaS5wc2Jhc2UuY2hpbGRyZW4gfCBXaGVyZS1PYmplY3QgeyAkXy5zY2hlbWFDbGFzc05hbWUgLWVxICJ1c2VyIiAtYW5kICRfLk5hbWUgLWVxICR1c2VybmFtZSB9CiAgICAgICAgaWYgKCR1c2VyKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkZW52OkNPTVBVVEVSTkFNRSwgJHVzZXJuYW1lKQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfQogICAgfQogICAgCiAgICB0cnkgewogICAgICAgICRhY2NvdW50X3NpZCA9ICRhY2NvdW50LlRyYW5zbGF0ZShbU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXJdKQogICAgfSBjYXRjaCB7CiAgICAgICAgRmFpbC1Kc29uIEB7fSAiYWNjb3VudF9uYW1lICRhY2NvdW50X25hbWUgaXMgbm90IGEgdmFsaWQgYWNjb3VudCwgY2Fubm90IGdldCBTSUQ6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQogICAgCiAgICByZXR1cm4gJGFjY291bnRfc2lkLlZhbHVlCn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZm ScriptBlock ID: c772e0e3-9cd6-4e88-ae5f-b0a9e0571960 Path:	4104	1		3	2	15	0	1672	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3676	4860	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:47 PM	fe3d87aa-a761-0001-7188-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1671	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3676	4748	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:47 PM	fe3d87aa-a761-0004-5688-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3676 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1670	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3676	4820	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:47 PM	fe3d87aa-a761-0004-5688-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1669	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3676	4748	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:47 PM	fe3d87aa-a761-0004-5688-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1668	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3668	2936	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:43 PM	fe3d87aa-a761-0003-6788-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3668 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1667	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3668	3804	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:42 PM	fe3d87aa-a761-0003-6788-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1666	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3668	2936	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:42 PM	fe3d87aa-a761-0003-6788-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 2ef53c6b-435c-4a5f-ac4c-f32ae653302e Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = af95d39f-974c-41f3-815a-ea2e8cb6a9f1 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1665	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2980	3768	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:42 PM	fe3d87aa-a761-0001-6288-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: d59972d2-d250-468f-92f9-7cf947ead7bd Path:	4104	1		3	2	15	0	1664	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2980	2744	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:42 PM	fe3d87aa-a761-0003-6688-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 37ed3e2b-c32e-44dc-9a4d-56726baea723 Path:	4104	1		3	2	15	0	1663	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2980	2744	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:42 PM	fe3d87aa-a761-0003-5f88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 8db12575-2c87-4a88-9062-43d02deddcbf Path:	4104	1		3	2	15	0	1662	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2980	2744	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:41 PM	fe3d87aa-a761-0004-3b88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): QWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Set-VMHost -VirtualMachineMigrationAuthenticationType Kerberos -passthru -ErrorAction silentlycontinue", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 15dcbdab-70d8-45e7-986b-5f1a1b68c812 Path:	4104	1		3	2	15	0	1661	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2980	2744	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:41 PM	fe3d87aa-a761-0004-3688-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): D0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9y ScriptBlock ID: 15dcbdab-70d8-45e7-986b-5f1a1b68c812 Path:	4104	1		3	2	15	0	1660	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2980	2744	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:41 PM	fe3d87aa-a761-0004-3688-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): zdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5I ScriptBlock ID: 15dcbdab-70d8-45e7-986b-5f1a1b68c812 Path:	4104	1		3	2	15	0	1659	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2980	2744	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:41 PM	fe3d87aa-a761-0004-3688-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSB ScriptBlock ID: 15dcbdab-70d8-45e7-986b-5f1a1b68c812 Path:	4104	1		3	2	15	0	1658	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2980	2744	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:41 PM	fe3d87aa-a761-0004-3688-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1657	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2980	2948	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:41 PM	fe3d87aa-a761-0003-4e88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2980 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1656	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2980	3892	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:41 PM	fe3d87aa-a761-0003-4e88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1655	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2980	2948	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:41 PM	fe3d87aa-a761-0003-4e88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1654	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4100	3132	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:38 PM	fe3d87aa-a761-0003-2688-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4100 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1653	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4100	4172	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:38 PM	fe3d87aa-a761-0003-2688-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1652	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4100	3132	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:38 PM	fe3d87aa-a761-0003-2688-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 21e3d829-fb9c-4df5-a2fb-520dd83877c1 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = db9e574f-cf44-4db8-aa10-9a01e43586ac Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1651	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4972	5088	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:38 PM	fe3d87aa-a761-0002-4f88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: c8427df0-8a96-437a-bb7b-91a52c229442 Path:	4104	1		3	2	15	0	1650	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4972	5056	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:37 PM	fe3d87aa-a761-0000-2f88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: d21d30dc-ada4-4072-9e4e-31ae29f8a317 Path:	4104	1		3	2	15	0	1649	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4972	5056	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:37 PM	fe3d87aa-a761-0000-2888-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: a72b5f70-356a-42bb-8cd2-90c848605dc4 Path:	4104	1		3	2	15	0	1648	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4972	5056	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:37 PM	fe3d87aa-a761-0000-1988-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): 4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Set-VMHost -useanynetworkformigration $true -passthru -ErrorAction silentlycontinue", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: ca14591d-a54f-4534-abb5-cd33a6e2ed1f Path:	4104	1		3	2	15	0	1647	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4972	5056	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:37 PM	fe3d87aa-a761-0000-1388-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): gICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV ScriptBlock ID: ca14591d-a54f-4534-abb5-cd33a6e2ed1f Path:	4104	1		3	2	15	0	1646	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4972	5056	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:37 PM	fe3d87aa-a761-0000-1388-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): ICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7Cgo ScriptBlock ID: ca14591d-a54f-4534-abb5-cd33a6e2ed1f Path:	4104	1		3	2	15	0	1645	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4972	5056	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:37 PM	fe3d87aa-a761-0000-1388-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAg ScriptBlock ID: ca14591d-a54f-4534-abb5-cd33a6e2ed1f Path:	4104	1		3	2	15	0	1644	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4972	5056	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:37 PM	fe3d87aa-a761-0000-1388-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1643	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4972	4976	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:37 PM	fe3d87aa-a761-0003-2388-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4972 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1642	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4972	5044	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:37 PM	fe3d87aa-a761-0003-2388-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1641	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4972	4976	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:36 PM	fe3d87aa-a761-0003-2388-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1640	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4536	4540	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:31 PM	fe3d87aa-a761-0000-0888-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4536 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1639	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4536	4608	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:30 PM	fe3d87aa-a761-0000-0888-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1638	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4536	4540	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:30 PM	fe3d87aa-a761-0000-0888-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 0152e48f-1872-4519-a598-fe97b50f4fb9 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 17adea94-d179-43c2-be3e-55c61da527d7 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1637	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4368	4488	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:30 PM	fe3d87aa-a761-0001-2988-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 9f62a810-f0fb-4c05-b954-2f557186c174 Path:	4104	1		3	2	15	0	1636	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4368	4452	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:30 PM	fe3d87aa-a761-0002-1688-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: afb7b335-26c2-4bd4-bb58-08f9b3790dc6 Path:	4104	1		3	2	15	0	1635	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4368	4452	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:30 PM	fe3d87aa-a761-0002-0f88-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 72dfb08e-0234-4f37-a760-6a8678db5da5 Path:	4104	1		3	2	15	0	1634	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4368	4452	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:29 PM	fe3d87aa-a761-0005-3688-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): hod $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 99746ef1-2788-4da0-b13c-cb5e64868c89 Path:	4104	1		3	2	15	0	1633	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4368	4452	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:29 PM	fe3d87aa-a761-0005-3088-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): zZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Enable-VMMigration -passthru -ErrorAction silentlycontinue", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run met ScriptBlock ID: 99746ef1-2788-4da0-b13c-cb5e64868c89 Path:	4104	1		3	2	15	0	1632	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4368	4452	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:29 PM	fe3d87aa-a761-0005-3088-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWx ScriptBlock ID: 99746ef1-2788-4da0-b13c-cb5e64868c89 Path:	4104	1		3	2	15	0	1631	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4368	4452	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:29 PM	fe3d87aa-a761-0005-3088-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3 ScriptBlock ID: 99746ef1-2788-4da0-b13c-cb5e64868c89 Path:	4104	1		3	2	15	0	1630	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4368	4452	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:29 PM	fe3d87aa-a761-0005-3088-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1629	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4368	4372	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:29 PM	fe3d87aa-a761-0000-0188-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4368 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1628	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4368	4440	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:29 PM	fe3d87aa-a761-0000-0188-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1627	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4368	4372	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:29 PM	fe3d87aa-a761-0000-0188-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1626	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4120	4124	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:24 PM	fe3d87aa-a761-0000-f087-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4120 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1625	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4120	4196	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:24 PM	fe3d87aa-a761-0000-f087-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1624	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4120	4124	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:24 PM	fe3d87aa-a761-0000-f087-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 1456278d-0595-496c-b43d-f60c4ba4d9ed Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = de679ef8-fa89-40df-9cf6-b93519a9f135 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1623	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2940	3976	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:24 PM	fe3d87aa-a761-0001-ff87-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 9b3fd774-a978-4f6c-a484-dbfd5e33469d Path:	4104	1		3	2	15	0	1622	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2940	3644	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:22 PM	fe3d87aa-a761-0005-0888-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: ab7acc84-d6fa-47ba-90d4-50fc0bfaa1eb Path:	4104	1		3	2	15	0	1621	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2940	3644	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:22 PM	fe3d87aa-a761-0005-0188-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: c8add00d-7688-4fdc-b8a4-edcf8f2db971 Path:	4104	1		3	2	15	0	1620	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2940	3644	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:21 PM	fe3d87aa-a761-0005-f787-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): SBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "c:\\openstack\\bin\\SetUserAccountRights.exe -g administrator@cbci-851359-2.local -v SeServiceLogonRight", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 51e12789-b2bc-4c43-86f4-aab1a20b2dde Path:	4104	1		3	2	15	0	1619	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2940	3644	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:20 PM	fe3d87aa-a761-0005-f187-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): GQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgY ScriptBlock ID: 51e12789-b2bc-4c43-86f4-aab1a20b2dde Path:	4104	1		3	2	15	0	1618	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2940	3644	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:20 PM	fe3d87aa-a761-0005-f187-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): zdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZ ScriptBlock ID: 51e12789-b2bc-4c43-86f4-aab1a20b2dde Path:	4104	1		3	2	15	0	1617	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2940	3644	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:20 PM	fe3d87aa-a761-0005-f187-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbih ScriptBlock ID: 51e12789-b2bc-4c43-86f4-aab1a20b2dde Path:	4104	1		3	2	15	0	1616	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2940	3644	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:20 PM	fe3d87aa-a761-0005-f187-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1615	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2940	2948	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:20 PM	fe3d87aa-a761-0000-e687-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2940 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1614	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2940	3412	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:20 PM	fe3d87aa-a761-0000-e687-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1613	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2940	2948	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:20 PM	fe3d87aa-a761-0000-e687-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1612	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3860	3876	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:19 PM	fe3d87aa-a761-0001-e587-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3860 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1611	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3860	3632	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:19 PM	fe3d87aa-a761-0001-e587-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1610	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3860	3876	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:19 PM	fe3d87aa-a761-0001-e587-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1609	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3108	2744	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:17 PM	fe3d87aa-a761-0001-e187-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3108 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1608	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3108	2948	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:17 PM	fe3d87aa-a761-0001-e187-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1607	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3108	2744	n-h1-851359-2.cbci-851359-2.local	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:54:16 PM	fe3d87aa-a761-0001-e187-3dfe61a7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1606	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4696	4748	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:40 PM	1909dffc-a75a-0003-18ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4696 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1605	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4696	8	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:40 PM	1909dffc-a75a-0003-18ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1604	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4696	4748	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:40 PM	1909dffc-a75a-0003-18ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1603	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1328	2068	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:38 PM	1909dffc-a75a-0002-23ee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1328 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1602	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1328	1800	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:38 PM	1909dffc-a75a-0002-23ee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1601	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1328	2068	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:37 PM	1909dffc-a75a-0002-23ee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1600	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4432	2140	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:37 PM	1909dffc-a75a-0002-21ee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4432 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1599	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4432	2844	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:37 PM	1909dffc-a75a-0002-21ee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1598	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4432	2140	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:37 PM	1909dffc-a75a-0002-21ee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1597	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2932	4736	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:37 PM	1909dffc-a75a-0001-e0f3-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2932 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1596	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2932	4124	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:37 PM	1909dffc-a75a-0001-e0f3-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1595	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2932	4736	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:36 PM	1909dffc-a75a-0001-e0f3-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 4fc7130c-a7ef-4a13-a334-dcceab960b80 Path:	4104	1		3	2	15	0	1594	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3952	4632	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:33 PM	1909dffc-a75a-0000-c7f1-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 9be6ab57-2ea2-4bd8-8b09-a1416678fb24 Path:	4104	1		3	2	15	0	1593	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3952	4632	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:33 PM	1909dffc-a75a-0000-b8f1-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): 0LmNoYW5nZWQgLWFuZCAtbm90ICRfYW5zaWJsZV9jaGVja19tb2RlKSB7CiAgICAgICAgICAgICAgICBJZigtbm90ICRkb21haW5fbWF0Y2gpIHsKICAgICAgICAgICAgICAgICAgICBJZihJcy1Eb21haW5Kb2luZWQpIHsKICAgICAgICAgICAgICAgICAgICAgICAgV3JpdGUtRGVidWdMb2cgImRvbWFpbiBkb2Vzbid0IG1hdGNoLCBhbmQgd2UncmUgYWxyZWFkeSBqb2luZWQgdG8gYW5vdGhlciBkb21haW4iCiAgICAgICAgICAgICAgICAgICAgICAgIHRocm93ICJzd2l0Y2hpbmcgZG9tYWlucyBpcyBub3QgaW1wbGVtZW50ZWQiCiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAkam9pbl9hcmdzID0gQHsKICAgICAgICAgICAgICAgICAgICAgICAgZG5zX2RvbWFpbl9uYW1lID0gJGRuc19kb21haW5fbmFtZQogICAgICAgICAgICAgICAgICAgICAgICBkb21haW5fYWRtaW5fdXNlciA9ICRkb21haW5fYWRtaW5fdXNlcgogICAgICAgICAgICAgICAgICAgICAgICBkb21haW5fYWRtaW5fcGFzc3dvcmQgPSAkZG9tYWluX2FkbWluX3Bhc3N3b3JkCiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICBXcml0ZS1EZWJ1Z0xvZyAibm90IGEgZG9tYWluIG1lbWJlciwgam9pbmluZy4uLiIKCiAgICAgICAgICAgICAgICAgICAgSWYoLW5vdCAkaG9zdG5hbWVfbWF0Y2gpIHsKICAgICAgICAgICAgICAgICAgICAgICAgV3JpdGUtRGVidWdMb2cgImFkZGluZyBob3N0bmFtZSBjaGFuZ2UgdG8gZG9tYWluLWpvaW4gYXJncyIKICAgICAgICAgICAgICAgICAgICAgICAgJGpvaW5fYXJncy5uZXdfaG9zdG5hbWUgPSAkaG9zdG5hbWUKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICAgICAgSWYoJGRvbWFpbl9vdV9wYXRoIC1uZSAkbnVsbCl7ICMgSWYgT1UgUGF0aCBpcyBub3QgZW1wdHkKICAgICAgICAgICAgICAgICAgICAgICAgV3JpdGUtRGVidWdMb2cgImFkZGluZyBkb21haW5fb3VfcGF0aCB0byBkb21haW4tam9pbiBhcmdzIgogICAgICAgICAgICAgICAgICAgICAgICAkam9pbl9hcmdzLmRvbWFpbl9vdV9wYXRoID0gJGRvbWFpbl9vdV9wYXRoCiAgICAgICAgICAgICAgICAgICAgfQoKICAgICAgICAgICAgICAgICAgICAkam9pbl9yZXN1bHQgPSBKb2luLURvbWFpbiBAam9pbl9hcmdzCgogICAgICAgICAgICAgICAgICAgICMgdGhpcyBjaGFuZ2UgcmVxdWlyZXMgYSByZWJvb3QKICAgICAgICAgICAgICAgICAgICAkcmVzdWx0LnJlYm9vdF9yZXF1aXJlZCA9ICR0cnVlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBFbHNlSWYoLW5vdCAkaG9zdG5hbWVfbWF0Y2gpIHsgIyBkb21haW4gbWF0Y2hlcyBidXQgaG9zdG5hbWUgZG9lc24ndCwganVzdCBkbyBhIHJlbmFtZQogICAgICAgICAgICAgICAgICAgIFdyaXRlLURlYnVnTG9nICgiZG9tYWluIG1hdGNoZXMsIHNldHRpbmcgaG9zdG5hbWUgdG8gezB9IiAtZiAkaG9zdG5hbWUpCgogICAgICAgICAgICAgICAgICAgICRyZW5hbWVfYXJncyA9IEB7TmV3TmFtZT0kaG9zdG5hbWV9CgogICAgICAgICAgICAgICAgICAgIElmIChJcy1Eb21haW5Kb2luZWQpIHsKICAgICAgICAgICAgICAgICAgICAgICAgJGRvbWFpbl9jcmVkID0gQ3JlYXRlLUNyZWRlbnRpYWwgJGRvbWFpbl9hZG1pbl91c2VyICRkb21haW5fYWRtaW5fcGFzc3dvcmQKICAgICAgICAgICAgICAgICAgICAgICAgJHJlbmFtZV9hcmdzLkRvbWFpbkNyZWRlbnRpYWwgPSAkZG9tYWluX2NyZWQKICAgICAgICAgICAgICAgICAgICB9CgogICAgICAgICAgICAgICAgICAgICRyZW5hbWVfcmVzdWx0ID0gUmVuYW1lLUNvbXB1dGVyIEByZW5hbWVfYXJncwoKICAgICAgICAgICAgICAgICAgICAjIHRoaXMgY2hhbmdlIHJlcXVpcmVzIGEgcmVib290CiAgICAgICAgICAgICAgICAgICAgJHJlc3VsdC5yZWJvb3RfcmVxdWlyZWQgPSAkdHJ1ZQogICAgICAgICAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgICAgICAgICAjIG5vIGNoYW5nZSBpcyBuZWVkZWQKICAgICAgICAgICAgICAgIH0KCiAgICAgICAgICAgIH0KICAgICAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICAgICBXcml0ZS1EZWJ1Z0xvZyAiY2hlY2sgbW9kZSwgZXhpdGluZyBlYXJseS4uLiIKICAgICAgICAgICAgfQoKICAgICAgICB9CgogICAgICAgIHdvcmtncm91cCB7CiAgICAgICAgICAgICR3b3JrZ3JvdXBfbWF0Y2ggPSAkKEdldC1Xb3JrZ3JvdXApIC1lcSAkd29ya2dyb3VwX25hbWUKCiAgICAgICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICRyZXN1bHQuY2hhbmdlZCAtb3IgKC1ub3QgJHdvcmtncm91cF9tYXRjaCkKCiAgICAgICAgICAgIElmKC1ub3QgJF9hbnNpYmxlX2NoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIElmKC1ub3QgJHdvcmtncm91cF9tYXRjaCkgewogICAgICAgICAgICAgICAgICAgIFdyaXRlLURlYnVnTG9nICgic2V0dGluZyB3b3JrZ3JvdXAgdG8gezB9IiAtZiAkd29ya2dyb3VwX25hbWUpCiAgICAgICAgICAgICAgICAgICAgJGpvaW5fd2dfcmVzdWx0ID0gSm9pbi1Xb3JrZ3JvdXAgLXdvcmtncm91cF9uYW1lICR3b3JrZ3JvdXBfbmFtZSAtZG9tYWluX2FkbWluX3VzZXIgJGRvbWFpbl9hZG1pbl91c2VyIC1kb21haW5fYWRtaW5fcGFzc3dvcmQgJGRvbWFpbl9hZG1pbl9wYXNzd29yZAoKICAgICAgICAgICAgICAgICAgICAjIHRoaXMgY2hhbmdlIHJlcXVpcmVzIGEgcmVib290CiAgICAgICAgICAgICAgICAgICAgJHJlc3VsdC5yZWJvb3RfcmVxdWlyZWQgPSAkdHJ1ZQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgSWYoLW5vdCAkaG9zdG5hbWVfbWF0Y2gpIHsKICAgICAgICAgICAgICAgICAgICBXcml0ZS1EZWJ1Z0xvZyAoInNldHRpbmcgaG9zdG5hbWUgdG8gezB9IiAtZiAkaG9zdG5hbWUpCiAgICAgICAgICAgICAgICAgICAgJHJlbmFtZV9yZXN1bHQgPSBSZW5hbWUtQ29tcHV0ZXIgLU5ld05hbWUgJGhvc3RuYW1lCgogICAgICAgICAgICAgICAgICAgICMgdGhpcyBjaGFuZ2UgcmVxdWlyZXMgYSByZWJvb3QKICAgICAgICAgICAgICAgICAgICAkcmVzdWx0LnJlYm9vdF9yZXF1aXJlZCA9ICR0cnVlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgZGVmYXVsdCB7IHRocm93ICJpbnZhbGlkIHN0YXRlICRzdGF0ZSIgfQogICAgfQoKICAgIEV4aXQtSnNvbiAkcmVzdWx0Cn0KQ2F0Y2ggewogICAgJGV4Y2VwID0gJF8KCiAgICBXcml0ZS1EZWJ1Z0xvZyAiRXhjZXB0aW9uOiAkKCRleGNlcCB8IG91dC1zdHJpbmcpIgoKICAgIFRocm93Cn0K", "module_args": {"_ansible_version": "2.7.0", "_ansible_syslog_facility": "LOG_USER", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "domain_admin_user": "administrator@cbci-851359-2.local", "log_path": "c:\\openstack\\log\\join-ad-result.log", "dns_domain_name": "cbci-851359-2.local", "_ansible_module_name": "win_domain_membership", "hostname": "n-h1-851359-2", "domain_admin_password": "Passw0rd", "_ansible_keep_remote_files": false, "_ansible_verbosity": 2, "_ansible_socket": null, "state": "domain", "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: e851aab8-d43c-4cbd-bf15-de77bedc4d83 Path:	4104	1		3	2	15	0	1592	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3952	4632	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:33 PM	1909dffc-a75a-0000-b2f1-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): ICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIFJlZCBIYXQsIEluYy4KIyBHTlUgR2VuZXJhbCBQdWJsaWMgTGljZW5zZSB2My4wKyAoc2VlIENPUFlJTkcgb3IgaHR0cHM6Ly93d3cuZ251Lm9yZy9saWNlbnNlcy9ncGwtMy4wLnR4dCkKCiNSZXF1aXJlcyAtTW9kdWxlIEFuc2libGUuTW9kdWxlVXRpbHMuTGVnYWN5CgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyCgokRXJyb3JBY3Rpb25QcmVmZXJlbmNlID0gIlN0b3AiCgokbG9nX3BhdGggPSAkbnVsbAoKRnVuY3Rpb24gV3JpdGUtRGVidWdMb2cgewogICAgUGFyYW0oCiAgICBbc3RyaW5nXSRtc2cKICAgICkKCiAgICAkRGVidWdQcmVmZXJlbmNlID0gIkNvbnRpbnVlIgogICAgJGRhdGVfc3RyID0gR2V0LURhdGUgLUZvcm1hdCB1CiAgICAkbXNnID0gIiRkYXRlX3N0ciAkbXNnIgoKICAgIFdyaXRlLURlYnVnICRtc2cKCiAgICBpZigkbG9nX3BhdGgpIHsKICAgICAgICBBZGQtQ29udGVudCAkbG9nX3BhdGggJG1zZwogICAgfQp9CgpGdW5jdGlvbiBHZXQtRG9tYWluTWVtYmVyc2hpcE1hdGNoIHsKICAgIFBhcmFtKAogICAgICAgIFtzdHJpbmddICRkbnNfZG9tYWluX25hbWUKICAgICkKCiAgICAjIEZVVFVSRTogYWRkIHN1cHBvcnQgZm9yIE5ldEJJT1MgZG9tYWluIG5hbWU/CgogICAgIyB0aGlzIHJlcXVpcmVzIHRoZSBEQyB0byBiZSBhY2Nlc3NpYmxlOyAiREMgdW5hdmFpbGFibGUiIGlzIGluZGlzdGluZ3Vpc2hhYmxlIGZyb20gIm5vdCBqb2luZWQgdG8gdGhlIGRvbWFpbiIuLi4KICAgIFRyeSB7CiAgICAgICAgV3JpdGUtRGVidWdMb2cgImNhbGxpbmcgR2V0Q29tcHV0ZXJEb21haW4oKSIKICAgICAgICAkY3VycmVudF9kbnNfZG9tYWluID0gW1N5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY3RpdmVEaXJlY3RvcnkuRG9tYWluXTo6R2V0Q29tcHV0ZXJEb21haW4oKS5OYW1lCgogICAgICAgICRkb21haW5fbWF0Y2ggPSAkY3VycmVudF9kbnNfZG9tYWluIC1lcSAkZG5zX2RvbWFpbl9uYW1lCgogICAgICAgIFdyaXRlLURlYnVnTG9nICgiY3VycmVudCBkb21haW4gezB9IG1hdGNoZXMgezF9OiB7Mn0iIC1mICRjdXJyZW50X2Ruc19kb21haW4sICRkbnNfZG9tYWluX25hbWUsICRkb21haW5fbWF0Y2gpCgogICAgICAgIHJldHVybiAkZG9tYWluX21hdGNoCiAgICB9CiAgICBDYXRjaCBbU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjdGl2ZURpcmVjdG9yeS5BY3RpdmVEaXJlY3RvcnlPYmplY3ROb3RGb3VuZEV4Y2VwdGlvbl0gewogICAgICAgIFdyaXRlLURlYnVnTG9nICJub3QgY3VycmVudGx5IGpvaW5lZCB0byBhIHJlYWNoYWJsZSBkb21haW4iCiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBDcmVhdGUtQ3JlZGVudGlhbCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSAkY3JlZF91c2VyLAogICAgICAgIFtzdHJpbmddICRjcmVkX3Bhc3MKICAgICkKCiAgICAkY3JlZCA9IE5ldy1PYmplY3QgU3lzdGVtLk1hbmFnZW1lbnQuQXV0b21hdGlvbi5QU0NyZWRlbnRpYWwoJGNyZWRfdXNlciwgJCgkY3JlZF9wYXNzIHwgQ29udmVydFRvLVNlY3VyZVN0cmluZyAtQXNQbGFpblRleHQgLUZvcmNlKSkKCiAgICByZXR1cm4gJGNyZWQKfQoKRnVuY3Rpb24gR2V0LUhvc3RuYW1lTWF0Y2ggewogICAgUGFyYW0oCiAgICAgICAgW3N0cmluZ10gJGhvc3RuYW1lCiAgICApCgogICAgIyBBZGQtQ29tcHV0ZXIgd2lsbCB2YWxpZGF0ZSB0aGUgInNoYXBlIiBvZiB0aGUgaG9zdG5hbWUtIHdlIGp1c3QgY2FyZSBpZiBpdCBtYXRjaGVzLi4uCgogICAgJGhvc3RuYW1lX21hdGNoID0gJGVudjpDT01QVVRFUk5BTUUgLWVxICRob3N0bmFtZQogICAgV3JpdGUtRGVidWdMb2cgKCJjdXJyZW50IGhvc3RuYW1lIHswfSBtYXRjaGVzIHsxfTogezJ9IiAtZiAkZW52OkNPTVBVVEVSTkFNRSwgJGhvc3RuYW1lLCAkaG9zdG5hbWVfbWF0Y2gpCgogICAgcmV0dXJuICRob3N0bmFtZV9tYXRjaAp9CgpGdW5jdGlvbiBJcy1Eb21haW5Kb2luZWQgewogICAgcmV0dXJuIChHZXQtV21pT2JqZWN0IFdpbjMyX0NvbXB1dGVyU3lzdGVtKS5QYXJ0T2ZEb21haW4KfQoKRnVuY3Rpb24gSm9pbi1Eb21haW4gewogICAgUGFyYW0oCiAgICAgICAgW3N0cmluZ10gJGRuc19kb21haW5fbmFtZSwKICAgICAgICBbc3RyaW5nXSAkbmV3X2hvc3RuYW1lLAogICAgICAgIFtzdHJpbmddICRkb21haW5fYWRtaW5fdXNlciwKICAgICAgICBbc3RyaW5nXSAkZG9tYWluX2FkbWluX3Bhc3N3b3JkLAogICAgICAgIFtzdHJpbmddICRkb21haW5fb3VfcGF0aAogICAgKQoKICAgIFdyaXRlLURlYnVnTG9nICgiQ3JlYXRpbmcgY3JlZGVudGlhbCBmb3IgdXNlciB7MH0iIC1mICRkb21haW5fYWRtaW5fdXNlcikKICAgICRkb21haW5fY3JlZCA9IENyZWF0ZS1DcmVkZW50aWFsICRkb21haW5fYWRtaW5fdXNlciAkZG9tYWluX2FkbWluX3Bhc3N3b3JkCgogICAgJGFkZF9hcmdzID0gQHsKICAgICAgICBDb21wdXRlck5hbWU9Ii4iCiAgICAgICAgQ3JlZGVudGlhbD0kZG9tYWluX2NyZWQKICAgICAgICBEb21haW5OYW1lPSRkbnNfZG9tYWluX25hbWUKICAgICAgICBGb3JjZT0kbnVsbAogICAgfQoKICAgIFdyaXRlLURlYnVnTG9nICJhZGRpbmcgaG9zdG5hbWUgc2V0IGFyZyB0byBBZGQtQ29tcHV0ZXIgYXJncyIKICAgIElmKCRuZXdfaG9zdG5hbWUpIHsKICAgICAgICAkYWRkX2FyZ3NbIk5ld05hbWUiXSA9ICRuZXdfaG9zdG5hbWUKICAgIH0KCgogICAgaWYoJGRvbWFpbl9vdV9wYXRoKXsKICAgICAgICBXcml0ZS1EZWJ1Z0xvZyAiYWRkaW5nIE9VIGRlc3RpbmF0aW9uIGFyZyB0byBBZGQtQ29tcHV0ZXIgYXJncyIKICAgICAgICAkYWRkX2FyZ3NbIk9VUGF0aCJdID0gJGRvbWFpbl9vdV9wYXRoCiAgICB9CiAgICAkYXJnc3RyID0gJGFkZF9hcmdzIHwgT3V0LVN0cmluZwogICAgV3JpdGUtRGVidWdMb2cgImNhbGxpbmcgQWRkLUNvbXB1dGVyIHdpdGggYXJnczogJGFyZ3N0ciIKICAgIHRyeSB7CiAgICAgICAgJGFkZF9yZXN1bHQgPSBBZGQtQ29tcHV0ZXIgQGFkZF9hcmdzCiAgICB9IGNhdGNoIHsKICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gam9pbiBkb21haW46ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQoKICAgIFdyaXRlLURlYnVnTG9nICgiQWRkLUNvbXB1dGVyIHJlc3VsdCB3YXMgXG57MH0iIC1mICRhZGRfcmVzdWx0IHwgT3V0LVN0cmluZykKfQoKRnVuY3Rpb24gR2V0LVdvcmtncm91cCB7CiAgICByZXR1cm4gKEdldC1XbWlPYmplY3QgV2luMzJfQ29tcHV0ZXJTeXN0ZW0pLldvcmtncm91cAp9CgpGdW5jdGlvbiBTZXQtV29ya2dyb3VwIHsKICAgIFBhcmFtKAogICAgICAgIFtzdHJpbmddICR3b3JrZ3JvdXBfbmFtZQogICAgKQoKICAgIFdyaXRlLURlYnVnTG9nICgiQ2FsbGluZyBKb2luRG9tYWluT3JXb3JrZ3JvdXAgd2l0aCB3b3JrZ3JvdXAgezB9IiAtZiAkd29ya2dyb3VwX25hbWUpCiAgICB0cnkgewogICAgICAgICRzd2dfcmVzdWx0ID0gKEdldC1XbWlPYmplY3QgLUNsYXNzTmFtZSBXaW4zMl9Db21wdXRlclN5c3RlbSkuSm9pbkRvbWFpbk9yV29ya2dyb3VwKCR3b3JrZ3JvdXBfbmFtZSkKICAgIH0gY2F0Y2ggewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byBjYWxsIFdpbjMyX0NvbXB1dGVyU3lzdGVtLkpvaW5Eb21haW5Pcldvcmtncm91cCgkd29ya2dyb3VwX25hbWUpOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KCiAgICBpZiAoJHN3Z19yZXN1bHQuUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJmYWlsZWQgdG8gc2V0IHdvcmtncm91cCB0aHJvdWdoIFdNSSwgcmV0dXJuIHZhbHVlOiAkKCRzd2dfcmVzdWx0LlJldHVyblZhbHVlKSIKICAgIAogICAgcmV0dXJuICRzd2dfcmVzdWx0fQp9CgpGdW5jdGlvbiBKb2luLVdvcmtncm91cCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSAkd29ya2dyb3VwX25hbWUsCiAgICAgICAgW3N0cmluZ10gJGRvbWFpbl9hZG1pbl91c2VyLAogICAgICAgIFtzdHJpbmddICRkb21haW5fYWRtaW5fcGFzc3dvcmQKICAgICkKCiAgICBJZihJcy1Eb21haW5Kb2luZWQpIHsgIyBpZiB3ZSdyZSBvbiBhIGRvbWFpbiwgdW5qb2luIGl0ICh3aGljaCBmb3JjZXMgdXMgdG8gam9pbiBhIHdvcmtncm91cCkKICAgICAgICAkZG9tYWluX2NyZWQgPSBDcmVhdGUtQ3JlZGVudGlhbCAkZG9tYWluX2FkbWluX3VzZXIgJGRvbWFpbl9hZG1pbl9wYXNzd29yZAoKICAgICAgICAjIDIwMTIrIGNhbGwgdGhlIFdvcmtncm91cCBhcmcgV29ya2dyb3VwTmFtZSwgYnV0IHNlZW0gdG8gYWNjZXB0CiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHJjX3Jlc3VsdCA9IFJlbW92ZS1Db21wdXRlciAtV29ya2dyb3VwICR3b3JrZ3JvdXBfbmFtZSAtQ3JlZGVudGlhbCAkZG9tYWluX2NyZWQgLUZvcmNlCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImZhaWxlZCB0byByZW1vdmUgY29tcHV0ZXIgZnJvbSBkb21haW46ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgICAgIH0KICAgIH0KCiAgICAjIHdlJ3JlIGFscmVhZHkgb24gYSB3b3JrZ3JvdXAtIGNoYW5nZSBpdC4KICAgIEVsc2UgewogICAgICAgICRzd2dfcmVzdWx0ID0gU2V0LVdvcmtncm91cCAkd29ya2dyb3VwX25hbWUKICAgIH0KfQoKCiRyZXN1bHQgPSBAewogICAgY2hhbmdlZCA9ICRmYWxzZQogICAgcmVib290X3JlcXVpcmVkID0gJGZhbHNlCn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzIC1hcmd1bWVudHMgJGFyZ3MgLXN1cHBvcnRzX2NoZWNrX21vZGUgJHRydWUKCiRzdGF0ZSA9IEdldC1BbnNpYmxlUGFyYW0gJHBhcmFtcyAic3RhdGUiIC12YWxpZGF0ZXNldCBAKCJkb21haW4iLCJ3b3JrZ3JvdXAiKSAtZmFpbGlmZW1wdHkgJHJlc3VsdAoKJGRuc19kb21haW5fbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gJHBhcmFtcyAiZG5zX2RvbWFpbl9uYW1lIgokaG9zdG5hbWUgPSBHZXQtQW5zaWJsZVBhcmFtICRwYXJhbXMgImhvc3RuYW1lIgokd29ya2dyb3VwX25hbWUgPSBHZXQtQW5zaWJsZVBhcmFtICRwYXJhbXMgIndvcmtncm91cF9uYW1lIgokZG9tYWluX2FkbWluX3VzZXIgPSBHZXQtQW5zaWJsZVBhcmFtICRwYXJhbXMgImRvbWFpbl9hZG1pbl91c2VyIiAtZmFpbGlmZW1wdHkgJHJlc3VsdAokZG9tYWluX2FkbWluX3Bhc3N3b3JkID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJkb21haW5fYWRtaW5fcGFzc3dvcmQiIC1mYWlsaWZlbXB0eSAkcmVzdWx0CiRkb21haW5fb3VfcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gJHBhcmFtcyAiZG9tYWluX291X3BhdGgiCgokbG9nX3BhdGggPSBHZXQtQW5zaWJsZVBhcmFtICRwYXJhbXMgImxvZ19wYXRoIgokX2Fuc2libGVfY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gJHBhcmFtcyAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLWRlZmF1bHQgJGZhbHNlCgpJZiAoJHN0YXRlIC1lcSAiZG9tYWluIikgewogICAgSWYoLW5vdCAkZG5zX2RvbWFpbl9uYW1lKSB7CiAgICAgICAgRmFpbC1Kc29uIEB7fSAiZG5zX2RvbWFpbl9uYW1lIGlzIHJlcXVpcmVkIHdoZW4gc3RhdGUgaXMgJ2RvbWFpbiciCiAgICB9Cn0KRWxzZSB7ICMgd29ya2dyb3VwCiAgICBJZigtbm90ICR3b3JrZ3JvdXBfbmFtZSkgewogICAgICAgIEZhaWwtSnNvbiBAe30gIndvcmtncm91cF9uYW1lIGlzIHJlcXVpcmVkIHdoZW4gc3RhdGUgaXMgJ3dvcmtncm91cCciCiAgICB9Cn0KCgokZ2xvYmFsOmxvZ19wYXRoID0gJGxvZ19wYXRoCgpUcnkgewoKICAgICRob3N0bmFtZV9tYXRjaCA9IElmKCRob3N0bmFtZSkgeyBHZXQtSG9zdG5hbWVNYXRjaCAkaG9zdG5hbWUgfSBFbHNlIHsgJHRydWUgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICRyZXN1bHQuY2hhbmdlZCAtb3IgKC1ub3QgJGhvc3RuYW1lX21hdGNoKQoKICAgIFN3aXRjaCgkc3RhdGUpIHsKICAgICAgICBkb21haW4gewogICAgICAgICAgICAkZG9tYWluX21hdGNoID0gR2V0LURvbWFpbk1lbWJlcnNoaXBNYXRjaCAkZG5zX2RvbWFpbl9uYW1lCgogICAgICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkcmVzdWx0LmNoYW5nZWQgLW9yICgtbm90ICRkb21haW5fbWF0Y2gpCgogICAgICAgICAgICBJZigkcmVzdWx ScriptBlock ID: e851aab8-d43c-4cbd-bf15-de77bedc4d83 Path:	4104	1		3	2	15	0	1591	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3952	4632	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:33 PM	1909dffc-a75a-0000-b2f1-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMK ScriptBlock ID: e851aab8-d43c-4cbd-bf15-de77bedc4d83 Path:	4104	1		3	2	15	0	1590	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3952	4632	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:33 PM	1909dffc-a75a-0000-b2f1-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1589	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3952	2652	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:32 PM	1909dffc-a75a-0002-03ee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3952 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1588	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3952	4488	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:32 PM	1909dffc-a75a-0002-03ee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1587	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3952	2652	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:32 PM	1909dffc-a75a-0002-03ee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): _value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecEnable'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DnsSecIPsecEncryptionType')) { [object]$__cmdletization_value = ${DnsSecIPsecEncryptionType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecIPsecEncryptionType'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecIPsecEncryptionType'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DnsSecIPsecRequired')) { [object]$__cmdletization_value = ${DnsSecIPsecRequired} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecIPsecRequired'; ParameterType = 'System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecIPsecRequired'; ParameterType = 'System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DnsSecValidationRequired')) { [object]$__cmdletization_value = ${DnsSecValidationRequired} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecValidationRequired'; ParameterType = 'System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecValidationRequired'; ParameterType = 'System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GpoName')) { [object]$__cmdletization_value = ${GpoName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GpoName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GpoName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPsecTrustAuthority')) { [object]$__cmdletization_value = ${IPsecTrustAuthority} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPsecTrustAuthority'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPsecTrustAuthority'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Name'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Name'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NameEncoding')) { [object]$__cmdletization_value = ${NameEncoding} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NameEncoding'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NameEncoding'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NameServers')) { [object]$__cmdletization_value = ${NameServers} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NameServers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NameServers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Namespace')) { [object]$__cmdletization_value = ${Namespace} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Namespace'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Namespace'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Server')) { [object]$__cmdletization_value = ${Server} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Server'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Server'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayName')) { [object]$__cmdletization_value = ${DisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisplayName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisplayName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameter.ParameterTypeName = 'Microsoft.Management.Infrastructure.CimInstance#DnsClientNrptRule' $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Set', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP PS_DnsClientNRPTRule_v1.0.0.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-DnsClientNrptRule' -Alias '*' ScriptBlock ID: d1d72ffd-baaf-4f96-abe3-82b3a95301cc Path:	4104	1		3	2	15	0	1586	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:30 PM	1909dffc-a75a-0004-9f39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): Parameter]@{Name = 'GpoName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Name'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Name'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Server')) { [object]$__cmdletization_value = ${Server} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Server'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Server'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Force')) { [object]$__cmdletization_value = ${Force} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Force'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Force'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameter.ParameterTypeName = 'Microsoft.Management.Infrastructure.CimInstance#DnsClientNrptRule' $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Remove', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP PS_DnsClientNRPTRule_v1.0.0.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-DnsClientNrptRule' -Alias '*' function Set-DnsClientNrptRule { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])][OutputType('Microsoft.Management.Infrastructure.CimInstance#DnsClientNrptRule')] param( [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [Alias('DirectAccessEnabled')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${DAEnable}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [Alias('DirectAccessQueryIPSSECEncryption')] [AllowEmptyString()] [AllowNull()] [ValidateSet('','None','Low','Medium','High')] [string] ${DAIPsecEncryptionType}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [Alias('DirectAccessQueryIPsecRequired')] [System.Nullable[bool]] ${DAIPsecRequired}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [Alias('DirectAccessDNSServers')] [string[]] ${DANameServers}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [Alias('DirectAccessProxyName')] [string] ${DAProxyServerName}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [Alias('DirectAccessProxyType')] [AllowEmptyString()] [AllowNull()] [ValidateSet('','NoProxy','UseDefault','UseProxyName')] [string] ${DAProxyType}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [string] ${Comment}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [Alias('DnsSecEnabled')] [bool] ${DnsSecEnable}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [Alias('DnsSecQueryIPsecEncryption')] [AllowEmptyString()] [AllowNull()] [ValidateSet('','None','Low','Medium','High')] [string] ${DnsSecIPsecEncryptionType}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [Alias('DnsSecQueryIPsecRequired')] [System.Nullable[bool]] ${DnsSecIPsecRequired}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [System.Nullable[bool]] ${DnsSecValidationRequired}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [string] ${GpoName}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [Alias('IPsecCARestriction')] [string] ${IPsecTrustAuthority}, [Parameter(ParameterSetName='Set3', Mandatory=$true, Position=1, ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${Name}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [ValidateSet('Disable','Utf8WithMapping','Utf8WithoutMapping','Punycode')] [string] ${NameEncoding}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [string[]] ${NameServers}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${Namespace}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${Server}, [Parameter(ParameterSetName='Set3', ValueFromPipelineByPropertyName=$true)] [string] ${DisplayName}, [Parameter(ParameterSetName='Set3')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${PassThru}, [Parameter(ParameterSetName='Set3')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Set3')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Set3')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DAEnable')) { [object]$__cmdletization_value = ${DAEnable} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAEnable'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAEnable'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DAIPsecEncryptionType')) { [object]$__cmdletization_value = ${DAIPsecEncryptionType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAIPsecEncryptionType'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAIPsecEncryptionType'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DAIPsecRequired')) { [object]$__cmdletization_value = ${DAIPsecRequired} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAIPsecRequired'; ParameterType = 'System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAIPsecRequired'; ParameterType = 'System.Nullable`1[[System.Boolean, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089]]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DANameServers')) { [object]$__cmdletization_value = ${DANameServers} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DANameServers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DANameServers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DAProxyServerName')) { [object]$__cmdletization_value = ${DAProxyServerName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAProxyServerName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAProxyServerName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DAProxyType')) { [object]$__cmdletization_value = ${DAProxyType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAProxyType'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAProxyType'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Comment')) { [object]$__cmdletization_value = ${Comment} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Comment'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Comment'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DnsSecEnable')) { [object]$__cmdletization_value = ${DnsSecEnable} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecEnable'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization ScriptBlock ID: d1d72ffd-baaf-4f96-abe3-82b3a95301cc Path:	4104	1		3	2	15	0	1585	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:30 PM	1909dffc-a75a-0004-9f39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAProxyType'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DnsSecValidationRequired')) { [object]$__cmdletization_value = ${DnsSecValidationRequired} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecValidationRequired'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecValidationRequired'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DAEnable')) { [object]$__cmdletization_value = ${DAEnable} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAEnable'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAEnable'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPsecTrustAuthority')) { [object]$__cmdletization_value = ${IPsecTrustAuthority} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPsecTrustAuthority'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPsecTrustAuthority'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Comment')) { [object]$__cmdletization_value = ${Comment} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Comment'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Comment'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayName')) { [object]$__cmdletization_value = ${DisplayName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisplayName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisplayName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameter.ParameterTypeName = 'Microsoft.Management.Infrastructure.CimInstance#DnsClientNrptRule' $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Add', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP PS_DnsClientNRPTRule_v1.0.0.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Add-DnsClientNrptRule' -Alias '*' function Get-DnsClientNrptRule { [CmdletBinding(PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])][OutputType('Microsoft.Management.Infrastructure.CimInstance#DnsClientNrptRule')] param( [Parameter(ParameterSetName='Get1', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${GpoName}, [Parameter(ParameterSetName='Get1', Position=1, ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${Name}, [Parameter(ParameterSetName='Get1', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${Server}, [Parameter(ParameterSetName='Get1')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Get1')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Get1')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GpoName')) { [object]$__cmdletization_value = ${GpoName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GpoName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GpoName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Name'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Name'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Server')) { [object]$__cmdletization_value = ${Server} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Server'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Server'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameter.ParameterTypeName = 'Microsoft.Management.Infrastructure.CimInstance#DnsClientNrptRule' $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Get', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP PS_DnsClientNRPTRule_v1.0.0.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-DnsClientNrptRule' -Alias '*' function Remove-DnsClientNrptRule { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])][OutputType('Microsoft.Management.Infrastructure.CimInstance#DnsClientNrptRule')] param( [Parameter(ParameterSetName='Remove2', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${GpoName}, [Parameter(ParameterSetName='Remove2', Mandatory=$true, Position=1, ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${Name}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${PassThru}, [Parameter(ParameterSetName='Remove2', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${Server}, [Parameter(ParameterSetName='Remove2')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${Force}, [Parameter(ParameterSetName='Remove2')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Remove2')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Remove2')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GpoName')) { [object]$__cmdletization_value = ${GpoName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GpoName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.Method ScriptBlock ID: d1d72ffd-baaf-4f96-abe3-82b3a95301cc Path:	4104	1		3	2	15	0	1584	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:30 PM	1909dffc-a75a-0004-9f39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/Microsoft/Windows/DNS/PS_DnsClientNrptRule' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Add-DnsClientNrptRule { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])][OutputType('Microsoft.Management.Infrastructure.CimInstance#DnsClientNrptRule')] param( [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [string] ${GpoName}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [Alias('DirectAccessDnsServers')] [string[]] ${DANameServers}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [Alias('DirectAccessQueryIPsecRequired')] [switch] ${DAIPsecRequired}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [Alias('DirectAccessQueryIPSSECEncryption')] [AllowEmptyString()] [AllowNull()] [ValidateSet('','None','Low','Medium','High')] [string] ${DAIPsecEncryptionType}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [Alias('DirectAccessProxyName')] [string] ${DAProxyServerName}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [Alias('DnsSecEnabled')] [switch] ${DnsSecEnable}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [Alias('DnsSecQueryIPsecRequired')] [switch] ${DnsSecIPsecRequired}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [Alias('DnsSecQueryIPsecEncryption')] [AllowEmptyString()] [AllowNull()] [ValidateSet('','None','Low','Medium','High')] [string] ${DnsSecIPsecEncryptionType}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [string[]] ${NameServers}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [ValidateSet('Disable','Utf8WithMapping','Utf8WithoutMapping','Punycode')] [string] ${NameEncoding}, [Parameter(ParameterSetName='Add0', Mandatory=$true, Position=1, ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${Namespace}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [string] ${Server}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [Alias('DirectAccessProxyType')] [AllowEmptyString()] [AllowNull()] [ValidateSet('','NoProxy','UseDefault','UseProxyName')] [string] ${DAProxyType}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [switch] ${DnsSecValidationRequired}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [Alias('DirectAccessEnabled')] [switch] ${DAEnable}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [Alias('IPsecCARestriction')] [string] ${IPsecTrustAuthority}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [string] ${Comment}, [Parameter(ParameterSetName='Add0', ValueFromPipelineByPropertyName=$true)] [string] ${DisplayName}, [Parameter(ParameterSetName='Add0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${PassThru}, [Parameter(ParameterSetName='Add0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Add0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Add0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GpoName')) { [object]$__cmdletization_value = ${GpoName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GpoName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GpoName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DANameServers')) { [object]$__cmdletization_value = ${DANameServers} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DANameServers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DANameServers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DAIPsecRequired')) { [object]$__cmdletization_value = ${DAIPsecRequired} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAIPsecRequired'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAIPsecRequired'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DAIPsecEncryptionType')) { [object]$__cmdletization_value = ${DAIPsecEncryptionType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAIPsecEncryptionType'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAIPsecEncryptionType'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DAProxyServerName')) { [object]$__cmdletization_value = ${DAProxyServerName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAProxyServerName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAProxyServerName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DnsSecEnable')) { [object]$__cmdletization_value = ${DnsSecEnable} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecEnable'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecEnable'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DnsSecIPsecRequired')) { [object]$__cmdletization_value = ${DnsSecIPsecRequired} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecIPsecRequired'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecIPsecRequired'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DnsSecIPsecEncryptionType')) { [object]$__cmdletization_value = ${DnsSecIPsecEncryptionType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecIPsecEncryptionType'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DnsSecIPsecEncryptionType'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NameServers')) { [object]$__cmdletization_value = ${NameServers} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NameServers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NameServers'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NameEncoding')) { [object]$__cmdletization_value = ${NameEncoding} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NameEncoding'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NameEncoding'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Namespace')) { [object]$__cmdletization_value = ${Namespace} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Namespace'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Namespace'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Server')) { [object]$__cmdletization_value = ${Server} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Server'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Server'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DAProxyType')) { [object]$__cmdletization_value = ${DAProxyType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DAProxyType'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} ScriptBlock ID: d1d72ffd-baaf-4f96-abe3-82b3a95301cc Path:	4104	1		3	2	15	0	1583	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:30 PM	1909dffc-a75a-0004-9f39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/Microsoft/Windows/DNS/PS_DnsClientNrptGlobal' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-DnsClientNrptGlobal { [CmdletBinding(PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])][OutputType('Microsoft.Management.Infrastructure.CimInstance#DnsClientNrptGlobal')] param( [Parameter(ParameterSetName='Get0', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${Server}, [Parameter(ParameterSetName='Get0', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${GpoName}, [Parameter(ParameterSetName='Get0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Get0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Get0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Server')) { [object]$__cmdletization_value = ${Server} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Server'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Server'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GpoName')) { [object]$__cmdletization_value = ${GpoName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GpoName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GpoName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameter.ParameterTypeName = 'Microsoft.Management.Infrastructure.CimInstance#DnsClientNrptGlobal' $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Get', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP PS_DnsClientNRPTGlobal_v1.0.0.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-DnsClientNrptGlobal' -Alias '*' function Set-DnsClientNrptGlobal { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])][OutputType('Microsoft.Management.Infrastructure.CimInstance#DnsClientNrptGlobal')] param( [Parameter(ParameterSetName='Set1', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('EnableOnNetworkID','EnableAlways','Disable','DisableDA')] [string] ${EnableDAForAllNetworks}, [Parameter(ParameterSetName='Set1', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${GpoName}, [Parameter(ParameterSetName='Set1', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Disable','FallbackSecure','FallbackUnsecure','FallbackPrivate')] [string] ${SecureNameQueryFallback}, [Parameter(ParameterSetName='Set1', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Disable','QueryIPv6Only','QueryBoth')] [string] ${QueryPolicy}, [Parameter(ParameterSetName='Set1', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${Server}, [Parameter(ParameterSetName='Set1')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${PassThru}, [Parameter(ParameterSetName='Set1')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Set1')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Set1')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EnableDAForAllNetworks')) { [object]$__cmdletization_value = ${EnableDAForAllNetworks} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableDAForAllNetworks'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EnableDAForAllNetworks'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GpoName')) { [object]$__cmdletization_value = ${GpoName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GpoName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GpoName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SecureNameQueryFallback')) { [object]$__cmdletization_value = ${SecureNameQueryFallback} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SecureNameQueryFallback'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SecureNameQueryFallback'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('QueryPolicy')) { [object]$__cmdletization_value = ${QueryPolicy} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QueryPolicy'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'QueryPolicy'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Server')) { [object]$__cmdletization_value = ${Server} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Server'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Server'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameter.ParameterTypeName = 'Microsoft.Management.Infrastructure.CimInstance#DnsClientNrptGlobal' $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Set', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP PS_DnsClientNRPTGlobal_v1.0.0.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-DnsClientNrptGlobal' -Alias '*' ScriptBlock ID: d23d3c7d-565f-4db9-a4f8-176bb9fbb25a Path:	4104	1		3	2	15	0	1582	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:30 PM	1909dffc-a75a-0004-9b39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/Microsoft/Windows/DNS/PS_DnsClientNrptPolicy' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-DnsClientNrptPolicy { [CmdletBinding(PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])][OutputType('Microsoft.Management.Infrastructure.CimInstance#DnsClientPolicyConfiguration')] param( [Parameter(ParameterSetName='Get0')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${Effective}, [Parameter(ParameterSetName='Get0', Position=1, ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${Namespace}, [Parameter(ParameterSetName='Get0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Get0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Get0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Effective')) { [object]$__cmdletization_value = ${Effective} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Effective'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Effective'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Namespace')) { [object]$__cmdletization_value = ${Namespace} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Namespace'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Namespace'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameter.ParameterTypeName = 'Microsoft.Management.Infrastructure.CimInstance#DnsClientPolicyConfiguration' $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Get', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP PS_DnsClientNrptPolicy_v1.0.0.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-DnsClientNrptPolicy' -Alias '*' ScriptBlock ID: 7eddcea7-4c99-45a5-aec1-21e7b3156adc Path:	4104	1		3	2	15	0	1581	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:30 PM	1909dffc-a75a-0004-9839-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_DNSClientServerAddress' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-DnsClientServerAddress { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_DNSClientServerAddress')] param( [Parameter(ParameterSetName='ByName', ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByName')] [Alias('Family')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.DnsClientServerAddress.AddressFamily[]] ${AddressFamily}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AddressFamily') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressFamily}) $__cmdletization_queryBuilder.FilterByProperty('AddressFamily', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_DnsClientServerAddress.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-DnsClientServerAddress' -Alias '*' function Set-DnsClientServerAddress { [CmdletBinding(DefaultParameterSetName='ByAlias', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_DNSClientServerAddress')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByAlias', Mandatory=$true, Position=0)] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_DNSClientServerAddress')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Addresses')] [string[]] ${ServerAddresses}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${Validate}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('ResetAddresses')] [switch] ${ResetServerAddresses}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('ByAlias') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByAlias', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ServerAddresses')) { [object]$__cmdletization_value = ${ServerAddresses} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:ServerAddresses'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:ServerAddresses'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Validate')) { [object]$__cmdletization_value = ${Validate} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Validate'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:Validate'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ResetServerAddresses')) { [object]$__cmdletization_value = ${ResetServerAddresses} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:ResetServerAddresses'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:ResetServerAddresses'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_DnsClientServerAddress.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-DnsClientServerAddress' -Alias '*' ScriptBlock ID: b786edc5-4a05-4d7b-8eda-57e8aedcef8c Path:	4104	1		3	2	15	0	1580	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:30 PM	1909dffc-a75a-0004-9439-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_DNSClientGlobalSetting' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-DnsClientGlobalSetting { [CmdletBinding(PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_DNSClientGlobalSetting')] param( [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [int] ${ThrottleLimit}, [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_DnsClientGlobalSetting.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-DnsClientGlobalSetting' -Alias '*' function Set-DnsClientGlobalSetting { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_DNSClientGlobalSetting')] param( [Parameter(ParameterSetName='InputObject (cdxml)', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_DNSClientGlobalSetting')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='InputObject (cdxml)')] [string[]] ${SuffixSearchList}, [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${UseDevolution}, [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${DevolutionLevel}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SuffixSearchList')) { [object]$__cmdletization_value = ${SuffixSearchList} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SuffixSearchList'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SuffixSearchList'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UseDevolution')) { [object]$__cmdletization_value = ${UseDevolution} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UseDevolution'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UseDevolution'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DevolutionLevel')) { [object]$__cmdletization_value = ${DevolutionLevel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DevolutionLevel'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DevolutionLevel'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_DnsClientGlobalSetting.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-DnsClientGlobalSetting' -Alias '*' ScriptBlock ID: 4d27bf13-f0e8-4689-af7a-27858a18efcb Path:	4104	1		3	2	15	0	1579	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:30 PM	1909dffc-a75a-0004-9039-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_DNSClientCache' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Clear-DnsClientCache { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Clear0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Clear0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Clear0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.UInt32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Clear', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_DnsClientCache.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Clear-DnsClientCache' -Alias '*' function Get-DnsClientCache { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_DNSClientCache')] param( [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [string[]] ${Entry}, [Parameter(ParameterSetName='ByName')] [Alias('RecordName')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByName')] [Alias('RecordType')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.DnsClientCache.Type[]] ${Type}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.DnsClientCache.Status[]] ${Status}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.DnsClientCache.Section[]] ${Section}, [Parameter(ParameterSetName='ByName')] [Alias('TTL')] [ValidateNotNull()] [uint32[]] ${TimeToLive}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${DataLength}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [string[]] ${Data}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Entry') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Entry}) $__cmdletization_queryBuilder.FilterByProperty('Entry', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Type') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Type}) $__cmdletization_queryBuilder.FilterByProperty('Type', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Status') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Status}) $__cmdletization_queryBuilder.FilterByProperty('Status', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Section') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Section}) $__cmdletization_queryBuilder.FilterByProperty('Section', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('TimeToLive') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${TimeToLive}) $__cmdletization_queryBuilder.FilterByProperty('TimeToLive', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DataLength') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DataLength}) $__cmdletization_queryBuilder.FilterByProperty('DataLength', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Data') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Data}) $__cmdletization_queryBuilder.FilterByProperty('Data', $__cmdletization_values, $true, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_DnsClientCache.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-DnsClientCache' -Alias '*' ScriptBlock ID: fffe5780-0e9a-41cd-a083-05ee69356966 Path:	4104	1		3	2	15	0	1578	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:30 PM	1909dffc-a75a-0004-8c39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_DNSClient' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Register-DnsClient { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] param( [Parameter(ParameterSetName='Register0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Register0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Register0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.UInt32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Register', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_DnsClient.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Register-DnsClient' -Alias '*' function Get-DnsClient { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_DNSClient')] param( [Parameter(ParameterSetName='ByName', ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByName')] [Alias('Suffix')] [ValidateNotNull()] [string[]] ${ConnectionSpecificSuffix}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [bool[]] ${RegisterThisConnectionsAddress}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [bool[]] ${UseSuffixWhenRegistering}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ConnectionSpecificSuffix') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ConnectionSpecificSuffix}) $__cmdletization_queryBuilder.FilterByProperty('ConnectionSpecificSuffix', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('RegisterThisConnectionsAddress') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RegisterThisConnectionsAddress}) $__cmdletization_queryBuilder.FilterByProperty('RegisterThisConnectionsAddress', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('UseSuffixWhenRegistering') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${UseSuffixWhenRegistering}) $__cmdletization_queryBuilder.FilterByProperty('UseSuffixWhenRegistering', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_DnsClient.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-DnsClient' -Alias '*' function Set-DnsClient { [CmdletBinding(DefaultParameterSetName='ByAlias', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_DNSClient')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, ValueFromPipeline=$true, ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByAlias', Mandatory=$true, Position=0)] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_DNSClient')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Suffix')] [string] ${ConnectionSpecificSuffix}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${RegisterThisConnectionsAddress}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${UseSuffixWhenRegistering}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('ResetSuffix')] [switch] ${ResetConnectionSpecificSuffix}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByAlias')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('ByAlias') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByAlias', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ConnectionSpecificSuffix')) { [object]$__cmdletization_value = ${ConnectionSpecificSuffix} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ConnectionSpecificSuffix'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ConnectionSpecificSuffix'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RegisterThisConnectionsAddress')) { [object]$__cmdletization_value = ${RegisterThisConnectionsAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegisterThisConnectionsAddress'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegisterThisConnectionsAddress'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UseSuffixWhenRegistering')) { [object]$__cmdletization_value = ${UseSuffixWhenRegistering} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UseSuffixWhenRegistering'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UseSuffixWhenRegistering'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ResetConnectionSpecificSuffix')) { [object]$__cmdletization_value = ${ResetConnectionSpecificSuffix} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:ResetConnectionSpecificSuffix'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:ResetConnectionSpecificSuffix'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_DnsClient.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-DnsClient' -Alias '*' ScriptBlock ID: 0f34c1e4-1724-40a7-bf4f-6c90d995e02a Path:	4104	1		3	2	15	0	1577	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:30 PM	1909dffc-a75a-0004-8739-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterPacketDirect.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterPacketDirect' -Alias '*' function Disable-NetAdapterPacketDirect { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterPacketDirectSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterPacketDirect.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterPacketDirect' -Alias '*' ScriptBlock ID: ead382ff-2dae-4515-b5c7-1adfd3817e2f Path:	4104	1		3	2	15	0	1576	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-7f39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterPacketDirectSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterPacketDirect { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterPacketDirectSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterPacketDirect.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterPacketDirect' -Alias '*' function Set-NetAdapterPacketDirect { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterPacketDirectSettingData')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterPacketDirectSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceID', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${DomainId}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DomainId')) { [object]$__cmdletization_value = ${DomainId} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DomainId'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DomainId'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterPacketDirect.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterPacketDirect' -Alias '*' function Enable-NetAdapterPacketDirect { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterPacketDirectSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } ScriptBlock ID: ead382ff-2dae-4515-b5c7-1adfd3817e2f Path:	4104	1		3	2	15	0	1575	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-7f39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterVPortSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterVPort { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterVPortSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Id')] [ValidateNotNull()] [uint32[]] ${VPortID}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [ValidateNotNull()] [uint32[]] ${SwitchID}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('VfID')] [ValidateNotNull()] [uint16[]] ${FunctionID}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('PF')] [switch] ${PhysicalFunction}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('VPortID') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${VPortID}) $__cmdletization_queryBuilder.FilterByProperty('VPortID', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('SwitchID') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SwitchID}) $__cmdletization_queryBuilder.FilterByProperty('SwitchID', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('FunctionID') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${FunctionID}) $__cmdletization_queryBuilder.FilterByProperty('FunctionID', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PhysicalFunction') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PhysicalFunction', ${PhysicalFunction}) } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterVPort.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterVPort' -Alias '*' ScriptBlock ID: 06bbb478-d5c6-40bc-985a-c2853608003e Path:	4104	1		3	2	15	0	1574	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-7c39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterVmqQueueSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterVmqQueue { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterVmqQueueSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [ValidateNotNull()] [uint32[]] ${Id}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Id') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Id}) $__cmdletization_queryBuilder.FilterByProperty('QueueID', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterVmqQueue.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterVmqQueue' -Alias '*' ScriptBlock ID: ab4c3fa2-03a5-43b1-8843-05030d3bcafc Path:	4104	1		3	2	15	0	1573	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-7939-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterVmq.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterVmq' -Alias '*' function Enable-NetAdapterVmq { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterVmqSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterVmq.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterVmq' -Alias '*' function Disable-NetAdapterVmq { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterVmqSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterVmq.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterVmq' -Alias '*' ScriptBlock ID: ea0f57e9-f00b-45f7-a0c9-003b58e0aef8 Path:	4104	1		3	2	15	0	1572	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-7339-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterVmqSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterVmq { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterVmqSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterVmq.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterVmq' -Alias '*' function Set-NetAdapterVmq { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterVmqSettingData')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterVmqSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('BaseG')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint16] ${BaseProcessorGroup}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('BaseN')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [byte] ${BaseProcessorNumber}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Max')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${MaxProcessors}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('MaxN')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [byte] ${MaxProcessorNumber}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('NumaN')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint16] ${NumaNode}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('BaseProcessorGroup')) { [object]$__cmdletization_value = ${BaseProcessorGroup} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BaseProcessorGroup'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BaseProcessorGroup'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('BaseProcessorNumber')) { [object]$__cmdletization_value = ${BaseProcessorNumber} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BaseProcessorNumber'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BaseProcessorNumber'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxProcessors')) { [object]$__cmdletization_value = ${MaxProcessors} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxProcessors'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxProcessors'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxProcessorNumber')) { [object]$__cmdletization_value = ${MaxProcessorNumber} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxProcessorNumber'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxProcessorNumber'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NumaNode')) { [object]$__cmdletization_value = ${NumaNode} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NumaNode'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NumaNode'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } ScriptBlock ID: ea0f57e9-f00b-45f7-a0c9-003b58e0aef8 Path:	4104	1		3	2	15	0	1571	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-7339-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterStatisticsSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterStatistics { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterStatisticsSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterStatistics.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterStatistics' -Alias '*' ScriptBlock ID: 9da7fb3b-aabf-4ff8-bfa4-06f52b59d6c6 Path:	4104	1		3	2	15	0	1570	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-7039-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterSriovVfSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterSriovVf { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterSriovVfSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [ValidateNotNull()] [uint32[]] ${SwitchID}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('VfID','Id')] [ValidateNotNull()] [uint16[]] ${FunctionID}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('SwitchID') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SwitchID}) $__cmdletization_queryBuilder.FilterByProperty('SwitchID', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('FunctionID') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${FunctionID}) $__cmdletization_queryBuilder.FilterByProperty('FunctionID', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterSriovVf.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterSriovVf' -Alias '*' ScriptBlock ID: a7bcd886-ac4d-4c06-bd55-07594d2d2373 Path:	4104	1		3	2	15	0	1569	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-6d39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterSriov.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterSriov' -Alias '*' function Disable-NetAdapterSriov { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterSriovSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterSriov.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterSriov' -Alias '*' ScriptBlock ID: 38ee733d-49f1-47b6-bc16-9a0c37b28c5f Path:	4104	1		3	2	15	0	1568	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-6739-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): '; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterSriov.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterSriov' -Alias '*' function Enable-NetAdapterSriov { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterSriovSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) ScriptBlock ID: 38ee733d-49f1-47b6-bc16-9a0c37b28c5f Path:	4104	1		3	2	15	0	1567	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-6739-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterSriovSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterSriov { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterSriovSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterSriov.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterSriov' -Alias '*' function Set-NetAdapterSriov { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterSriovSettingData')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterSriovSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Vf')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${NumVFs}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NumVFs')) { [object]$__cmdletization_value = ${NumVFs} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NumVFs'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NumVFs ScriptBlock ID: 38ee733d-49f1-47b6-bc16-9a0c37b28c5f Path:	4104	1		3	2	15	0	1566	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-6739-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterRss.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterRss' -Alias '*' function Disable-NetAdapterRss { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterRssSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterRss.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterRss' -Alias '*' ScriptBlock ID: 5c9b3ea8-d9cd-4153-b020-544ab7d837e9 Path:	4104	1		3	2	15	0	1565	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-6139-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): oft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profile'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterRss.Profile'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Profile'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterRss.Profile'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('BaseProcessorGroup')) { [object]$__cmdletization_value = ${BaseProcessorGroup} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BaseProcessorGroup'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BaseProcessorGroup'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('BaseProcessorNumber')) { [object]$__cmdletization_value = ${BaseProcessorNumber} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BaseProcessorNumber'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BaseProcessorNumber'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxProcessorGroup')) { [object]$__cmdletization_value = ${MaxProcessorGroup} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxProcessorGroup'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxProcessorGroup'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxProcessorNumber')) { [object]$__cmdletization_value = ${MaxProcessorNumber} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxProcessorNumber'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxProcessorNumber'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxProcessors')) { [object]$__cmdletization_value = ${MaxProcessors} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxProcessors'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxProcessors'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NumaNode')) { [object]$__cmdletization_value = ${NumaNode} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NumaNode'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NumaNode'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterRss.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterRss' -Alias '*' function Enable-NetAdapterRss { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterRssSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { ScriptBlock ID: 5c9b3ea8-d9cd-4153-b020-544ab7d837e9 Path:	4104	1		3	2	15	0	1564	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-6139-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterRssSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterRss { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterRssSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterRss.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterRss' -Alias '*' function Set-NetAdapterRss { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterRssSettingData')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterRssSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${NumberOfReceiveQueues}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterRss.Profile] ${Profile}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('BaseG')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint16] ${BaseProcessorGroup}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('BaseN')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [byte] ${BaseProcessorNumber}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('MaxG')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint16] ${MaxProcessorGroup}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('MaxN')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [byte] ${MaxProcessorNumber}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Max')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint32] ${MaxProcessors}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [uint16] ${NumaNode}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NumberOfReceiveQueues')) { [object]$__cmdletization_value = ${NumberOfReceiveQueues} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NumberOfReceiveQueues'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NumberOfReceiveQueues'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Profile')) { [object]$__cmdletization_value = ${Profile} $__cmdletization_methodParameter = [Micros ScriptBlock ID: 5c9b3ea8-d9cd-4153-b020-544ab7d837e9 Path:	4104	1		3	2	15	0	1563	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-6139-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): er = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv6')) { [object]$__cmdletization_value = ${IPv6} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterRsc.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterRsc' -Alias '*' ScriptBlock ID: 0d084164-2abe-4a63-ba53-8c2c45a4c5e8 Path:	4104	1		3	2	15	0	1562	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-5b39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterRsc.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterRsc' -Alias '*' function Enable-NetAdapterRsc { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterRscSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${IPv4}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${IPv6}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv4')) { [object]$__cmdletization_value = ${IPv4} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv6')) { [object]$__cmdletization_value = ${IPv6} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterRsc.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterRsc' -Alias '*' function Disable-NetAdapterRsc { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterRscSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${IPv4}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${IPv6}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv4')) { [object]$__cmdletization_value = ${IPv4} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParamet ScriptBlock ID: 0d084164-2abe-4a63-ba53-8c2c45a4c5e8 Path:	4104	1		3	2	15	0	1561	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-5b39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterRscSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterRsc { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterRscSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceID', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [bool[]] ${IPv4OperationalState}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceID', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [bool[]] ${IPv6OperationalState}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceID', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterRsc.FailureReason[]] ${IPv4FailureReason}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceID', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterRsc.FailureReason[]] ${IPv6FailureReason}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IPv4OperationalState') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPv4OperationalState}) $__cmdletization_queryBuilder.FilterByProperty('IPv4OperationalState', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IPv6OperationalState') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPv6OperationalState}) $__cmdletization_queryBuilder.FilterByProperty('IPv6OperationalState', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IPv4FailureReason') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPv4FailureReason}) $__cmdletization_queryBuilder.FilterByProperty('IPv4FailureReason', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IPv6FailureReason') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPv6FailureReason}) $__cmdletization_queryBuilder.FilterByProperty('IPv6FailureReason', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterRsc.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterRsc' -Alias '*' function Set-NetAdapterRsc { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterRscSettingData')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterRscSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${IPv4Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${IPv6Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv4Enabled')) { [object]$__cmdletization_value = ${IPv4Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv6Enabled')) { [object]$__cmdletization_value = ${IPv6Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch ScriptBlock ID: 0d084164-2abe-4a63-ba53-8c2c45a4c5e8 Path:	4104	1		3	2	15	0	1560	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-5b39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterRdma.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterRdma' -Alias '*' ScriptBlock ID: 20c03f2e-3362-40da-ac5c-eb5980d57183 Path:	4104	1		3	2	15	0	1559	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-5539-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): ameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterRdma.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterRdma' -Alias '*' function Disable-NetAdapterRdma { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterRdmaSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, ScriptBlock ID: 20c03f2e-3362-40da-ac5c-eb5980d57183 Path:	4104	1		3	2	15	0	1558	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-5539-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterRdmaSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterRdma { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterRdmaSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterRdma.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterRdma' -Alias '*' function Set-NetAdapterRdma { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterRdmaSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterRdmaSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterRdma.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterRdma' -Alias '*' function Enable-NetAdapterRdma { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterRdmaSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Par ScriptBlock ID: 20c03f2e-3362-40da-ac5c-eb5980d57183 Path:	4104	1		3	2	15	0	1557	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-5539-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): ers.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterQos.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterQos' -Alias '*' ScriptBlock ID: 8fbb0a67-f2f5-43bd-b555-f870b5b6844c Path:	4104	1		3	2	15	0	1556	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0000-98f1-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterQos.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterQos' -Alias '*' function Enable-NetAdapterQos { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterQosSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterQos.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterQos' -Alias '*' function Disable-NetAdapterQos { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterQosSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParamet ScriptBlock ID: 8fbb0a67-f2f5-43bd-b555-f870b5b6844c Path:	4104	1		3	2	15	0	1555	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0000-98f1-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterQosSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterQos { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterQosSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterQos.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterQos' -Alias '*' function Set-NetAdapterQos { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterQosSettingData')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterQosSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceID', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters. ScriptBlock ID: 8fbb0a67-f2f5-43bd-b555-f870b5b6844c Path:	4104	1		3	2	15	0	1554	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0000-98f1-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): Name = 'RsnRekeyOffload'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SelectiveSuspend')) { [object]$__cmdletization_value = ${SelectiveSuspend} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SelectiveSuspend'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SelectiveSuspend'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('WakeOnMagicPacket')) { [object]$__cmdletization_value = ${WakeOnMagicPacket} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WakeOnMagicPacket'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WakeOnMagicPacket'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('WakeOnPattern')) { [object]$__cmdletization_value = ${WakeOnPattern} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WakeOnPattern'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WakeOnPattern'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterPowerManagement.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterPowerManagement' -Alias '*' ScriptBlock ID: 13009c6b-ba8d-4de2-b655-652a6301d043 Path:	4104	1		3	2	15	0	1553	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-4f39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): t = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SelectiveSuspend')) { [object]$__cmdletization_value = ${SelectiveSuspend} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SelectiveSuspend'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SelectiveSuspend'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('WakeOnMagicPacket')) { [object]$__cmdletization_value = ${WakeOnMagicPacket} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WakeOnMagicPacket'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WakeOnMagicPacket'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('WakeOnPattern')) { [object]$__cmdletization_value = ${WakeOnPattern} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WakeOnPattern'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WakeOnPattern'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterPowerManagement.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterPowerManagement' -Alias '*' function Disable-NetAdapterPowerManagement { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterPowerManagementSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${ArpOffload}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${D0PacketCoalescing}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${DeviceSleepOnDisconnect}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NSOffload}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${RsnRekeyOffload}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${SelectiveSuspend}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${WakeOnMagicPacket}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${WakeOnPattern}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ArpOffload')) { [object]$__cmdletization_value = ${ArpOffload} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ArpOffload'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ArpOffload'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('D0PacketCoalescing')) { [object]$__cmdletization_value = ${D0PacketCoalescing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'D0PacketCoalescing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'D0PacketCoalescing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DeviceSleepOnDisconnect')) { [object]$__cmdletization_value = ${DeviceSleepOnDisconnect} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DeviceSleepOnDisconnect'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DeviceSleepOnDisconnect'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NSOffload')) { [object]$__cmdletization_value = ${NSOffload} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NSOffload'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NSOffload'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RsnRekeyOffload')) { [object]$__cmdletization_value = ${RsnRekeyOffload} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RsnRekeyOffload'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ ScriptBlock ID: 13009c6b-ba8d-4de2-b655-652a6301d043 Path:	4104	1		3	2	15	0	1552	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-4f39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RsnRekeyOffload')) { [object]$__cmdletization_value = ${RsnRekeyOffload} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RsnRekeyOffload'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RsnRekeyOffload'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SelectiveSuspend')) { [object]$__cmdletization_value = ${SelectiveSuspend} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SelectiveSuspend'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SelectiveSuspend'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('WakeOnMagicPacket')) { [object]$__cmdletization_value = ${WakeOnMagicPacket} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WakeOnMagicPacket'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WakeOnMagicPacket'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('WakeOnPattern')) { [object]$__cmdletization_value = ${WakeOnPattern} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WakeOnPattern'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WakeOnPattern'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterPowerManagement.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterPowerManagement' -Alias '*' function Enable-NetAdapterPowerManagement { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterPowerManagementSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${ArpOffload}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${D0PacketCoalescing}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${DeviceSleepOnDisconnect}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NSOffload}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${RsnRekeyOffload}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${SelectiveSuspend}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${WakeOnMagicPacket}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${WakeOnPattern}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ArpOffload')) { [object]$__cmdletization_value = ${ArpOffload} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ArpOffload'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ArpOffload'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('D0PacketCoalescing')) { [object]$__cmdletization_value = ${D0PacketCoalescing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'D0PacketCoalescing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'D0PacketCoalescing'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DeviceSleepOnDisconnect')) { [object]$__cmdletization_value = ${DeviceSleepOnDisconnect} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DeviceSleepOnDisconnect'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DeviceSleepOnDisconnect'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NSOffload')) { [object]$__cmdletization_value = ${NSOffload} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NSOffload'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NSOffload'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RsnRekeyOffload')) { [object]$__cmdletization_value = ${RsnRekeyOffload} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RsnRekeyOffload'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RsnRekeyOffload'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresen ScriptBlock ID: 13009c6b-ba8d-4de2-b655-652a6301d043 Path:	4104	1		3	2	15	0	1551	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-4f39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterPowerManagementSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterPowerManagement { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterPowerManagementSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterPowerManagement.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterPowerManagement' -Alias '*' function Set-NetAdapterPowerManagement { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterPowerManagementSettingData')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterPowerManagementSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Enabled','Disabled')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting] ${ArpOffload}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Enabled','Disabled')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting] ${D0PacketCoalescing}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Enabled','Disabled')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting] ${DeviceSleepOnDisconnect}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Enabled','Disabled')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting] ${NSOffload}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Enabled','Disabled')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting] ${RsnRekeyOffload}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Enabled','Disabled')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting] ${SelectiveSuspend}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Enabled','Disabled')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting] ${WakeOnMagicPacket}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateSet('Enabled','Disabled')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting] ${WakeOnPattern}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ArpOffload')) { [object]$__cmdletization_value = ${ArpOffload} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ArpOffload'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ArpOffload'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('D0PacketCoalescing')) { [object]$__cmdletization_value = ${D0PacketCoalescing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'D0PacketCoalescing'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'D0PacketCoalescing'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DeviceSleepOnDisconnect')) { [object]$__cmdletization_value = ${DeviceSleepOnDisconnect} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DeviceSleepOnDisconnect'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DeviceSleepOnDisconnect'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NSOffload')) { [object]$__cmdletization_value = ${NSOffload} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NSOffload'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NSOffload'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterPowerManagement.Setting'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = ScriptBlock ID: 13009c6b-ba8d-4de2-b655-652a6301d043 Path:	4104	1		3	2	15	0	1550	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-4f39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterLso.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterLso' -Alias '*' ScriptBlock ID: 0da30412-07b6-4cc3-b55e-dbc041bcf433 Path:	4104	1		3	2	15	0	1549	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-4939-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): agement.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterLso.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterLso' -Alias '*' function Disable-NetAdapterLso { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterLsoSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${IPv4}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${IPv6}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv4')) { [object]$__cmdletization_value = ${IPv4} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv6')) { [object]$__cmdletization_value = ${IPv6} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_ ScriptBlock ID: 0da30412-07b6-4cc3-b55e-dbc041bcf433 Path:	4104	1		3	2	15	0	1548	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-4939-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): Present = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv4Enabled')) { [object]$__cmdletization_value = ${IPv4Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv6Enabled')) { [object]$__cmdletization_value = ${IPv6Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterLso.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterLso' -Alias '*' function Enable-NetAdapterLso { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterLsoSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${IPv4}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${IPv6}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv4')) { [object]$__cmdletization_value = ${IPv4} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPv6')) { [object]$__cmdletization_value = ${IPv6} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Man ScriptBlock ID: 0da30412-07b6-4cc3-b55e-dbc041bcf433 Path:	4104	1		3	2	15	0	1547	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-4939-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterLsoSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterLso { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterLsoSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterLso.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterLso' -Alias '*' function Set-NetAdapterLso { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterLsoSettingData')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterLsoSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${V1IPv4Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${IPv4Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${IPv6Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('V1IPv4Enabled')) { [object]$__cmdletization_value = ${V1IPv4Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'V1IPv4Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'V1IPv4Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValue ScriptBlock ID: 0da30412-07b6-4cc3-b55e-dbc041bcf433 Path:	4104	1		3	2	15	0	1546	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-4939-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterIPsecOffload.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterIPsecOffload' -Alias '*' function Disable-NetAdapterIPsecOffload { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterIPsecOffloadV2SettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterIPsecOffload.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterIPsecOffload' -Alias '*' ScriptBlock ID: 73026452-e554-4ff7-9592-735439206863 Path:	4104	1		3	2	15	0	1545	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-4339-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterIPsecOffloadV2SettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterIPsecOffload { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterIPsecOffloadV2SettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterIPsecOffload.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterIPsecOffload' -Alias '*' function Set-NetAdapterIPsecOffload { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterIPsecOffloadV2SettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Set', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterIPsecOffload.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterIPsecOffload' -Alias '*' function Enable-NetAdapterIPsecOffload { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Low', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterIPsecOffloadV2SettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', ScriptBlock ID: 73026452-e554-4ff7-9592-735439206863 Path:	4104	1		3	2	15	0	1544	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-4339-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterHardwareInfoSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterHardwareInfo { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterHardwareInfoSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterHardwareInfo.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterHardwareInfo' -Alias '*' ScriptBlock ID: afec8d06-a529-40b7-b175-0756dae2d621 Path:	4104	1		3	2	15	0	1543	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-4039-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): __cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EncapsulationType')) { [object]$__cmdletization_value = ${EncapsulationType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EncapsulationType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterEncapsulatedPacketTaskOffload.EncapsulationType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EncapsulationType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterEncapsulatedPacketTaskOffload.EncapsulationType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterEncapsulatedPacketTaskOffload.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterEncapsulatedPacketTaskOffload' -Alias '*' ScriptBlock ID: 6e876623-e7d9-48f5-8e98-0315104346a0 Path:	4104	1		3	2	15	0	1542	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-3a39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EncapsulationType')) { [object]$__cmdletization_value = ${EncapsulationType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EncapsulationType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterEncapsulatedPacketTaskOffload.EncapsulationType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EncapsulationType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterEncapsulatedPacketTaskOffload.EncapsulationType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterEncapsulatedPacketTaskOffload.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterEncapsulatedPacketTaskOffload' -Alias '*' function Disable-NetAdapterEncapsulatedPacketTaskOffload { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterEncapsulatedPacketTaskOffloadSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterEncapsulatedPacketTaskOffload.EncapsulationType] ${EncapsulationType}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $ ScriptBlock ID: 6e876623-e7d9-48f5-8e98-0315104346a0 Path:	4104	1		3	2	15	0	1541	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-3a39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NvgreEncapsulatedPacketTaskOffloadEnabled')) { [object]$__cmdletization_value = ${NvgreEncapsulatedPacketTaskOffloadEnabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NvgreEncapsulatedPacketTaskOffloadEnabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NvgreEncapsulatedPacketTaskOffloadEnabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('VxlanEncapsulatedPacketTaskOffloadEnabled')) { [object]$__cmdletization_value = ${VxlanEncapsulatedPacketTaskOffloadEnabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'VxlanEncapsulatedPacketTaskOffloadEnabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'VxlanEncapsulatedPacketTaskOffloadEnabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('VxlanUDPPortNumber')) { [object]$__cmdletization_value = ${VxlanUDPPortNumber} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'VxlanUDPPortNumber'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'VxlanUDPPortNumber'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterEncapsulatedPacketTaskOffload.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterEncapsulatedPacketTaskOffload' -Alias '*' function Enable-NetAdapterEncapsulatedPacketTaskOffload { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterEncapsulatedPacketTaskOffloadSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterEncapsulatedPacketTaskOffload.EncapsulationType] ${EncapsulationType}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') ScriptBlock ID: 6e876623-e7d9-48f5-8e98-0315104346a0 Path:	4104	1		3	2	15	0	1540	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-3a39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterEncapsulatedPacketTaskOffloadSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterEncapsulatedPacketTaskOffload { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterEncapsulatedPacketTaskOffloadSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterEncapsulatedPacketTaskOffload.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterEncapsulatedPacketTaskOffload' -Alias '*' function Set-NetAdapterEncapsulatedPacketTaskOffload { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterEncapsulatedPacketTaskOffloadSettingData')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterEncapsulatedPacketTaskOffloadSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${NvgreEncapsulatedPacketTaskOffloadEnabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${VxlanEncapsulatedPacketTaskOffloadEnabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateRange(1, 65535)] [uint16] ${VxlanUDPPortNumber}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', ScriptBlock ID: 6e876623-e7d9-48f5-8e98-0315104346a0 Path:	4104	1		3	2	15	0	1539	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-3a39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): unction 'Enable-NetAdapterChecksumOffload' -Alias '*' function Disable-NetAdapterChecksumOffload { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterChecksumOffloadSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${IpIPv4}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${TcpIPv4}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${TcpIPv6}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${UdpIPv4}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${UdpIPv6}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpIPv4')) { [object]$__cmdletization_value = ${IpIPv4} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpIPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpIPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('TcpIPv4')) { [object]$__cmdletization_value = ${TcpIPv4} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TcpIPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TcpIPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('TcpIPv6')) { [object]$__cmdletization_value = ${TcpIPv6} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TcpIPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TcpIPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UdpIPv4')) { [object]$__cmdletization_value = ${UdpIPv4} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UdpIPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UdpIPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UdpIPv6')) { [object]$__cmdletization_value = ${UdpIPv6} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UdpIPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UdpIPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterChecksumOffload.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterChecksumOffload' -Alias '*' ScriptBlock ID: 27181099-c431-43b0-9dcd-179836fa9fd3 Path:	4104	1		3	2	15	0	1538	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-3439-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): ation.MethodParameter]@{Name = 'UdpIPv6Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterChecksumOffload.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterChecksumOffload' -Alias '*' function Enable-NetAdapterChecksumOffload { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterChecksumOffloadSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${IpIPv4}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${TcpIPv4}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${TcpIPv6}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${UdpIPv4}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [switch] ${UdpIPv6}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpIPv4')) { [object]$__cmdletization_value = ${IpIPv4} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpIPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpIPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('TcpIPv4')) { [object]$__cmdletization_value = ${TcpIPv4} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TcpIPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TcpIPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('TcpIPv6')) { [object]$__cmdletization_value = ${TcpIPv6} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TcpIPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TcpIPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UdpIPv4')) { [object]$__cmdletization_value = ${UdpIPv4} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UdpIPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UdpIPv4'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UdpIPv6')) { [object]$__cmdletization_value = ${UdpIPv6} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UdpIPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UdpIPv6'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterChecksumOffload.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -F ScriptBlock ID: 27181099-c431-43b0-9dcd-179836fa9fd3 Path:	4104	1		3	2	15	0	1537	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-3439-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterChecksumOffloadSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterChecksumOffload { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterChecksumOffloadSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterChecksumOffload.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterChecksumOffload' -Alias '*' function Set-NetAdapterChecksumOffload { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterChecksumOffloadSettingData')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterChecksumOffloadSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction] ${IpIPv4Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction] ${TcpIPv4Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction] ${TcpIPv6Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction] ${UdpIPv4Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction] ${UdpIPv6Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IpIPv4Enabled')) { [object]$__cmdletization_value = ${IpIPv4Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpIPv4Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IpIPv4Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('TcpIPv4Enabled')) { [object]$__cmdletization_value = ${TcpIPv4Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TcpIPv4Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TcpIPv4Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('TcpIPv6Enabled')) { [object]$__cmdletization_value = ${TcpIPv6Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TcpIPv6Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TcpIPv6Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UdpIPv4Enabled')) { [object]$__cmdletization_value = ${UdpIPv4Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UdpIPv4Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UdpIPv4Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UdpIPv6Enabled')) { [object]$__cmdletization_value = ${UdpIPv6Enabled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UdpIPv6Enabled'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterChecksumOffload.Direction'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletiz ScriptBlock ID: 27181099-c431-43b0-9dcd-179836fa9fd3 Path:	4104	1		3	2	15	0	1536	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-3439-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): :PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ComponentID') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ComponentID}) $__cmdletization_queryBuilder.FilterByProperty('ComponentID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } if ($PSBoundParameters.ContainsKey('AllBindings') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('AllBindings', ${AllBindings}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterBinding.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapterBinding' -Alias '*' ScriptBlock ID: 7669a96e-24c6-426e-86a2-82f60f3bc3fe Path:	4104	1		3	2	15	0	1535	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-2e39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): abled} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Enabled'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterBinding.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterBinding' -Alias '*' function Enable-NetAdapterBinding { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [ValidateNotNull()] [string[]] ${ComponentID}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AllBindings}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterBindingSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ComponentID') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ComponentID}) $__cmdletization_queryBuilder.FilterByProperty('ComponentID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } if ($PSBoundParameters.ContainsKey('AllBindings') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('AllBindings', ${AllBindings}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterBinding.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapterBinding' -Alias '*' function Disable-NetAdapterBinding { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [ValidateNotNull()] [string[]] ${ComponentID}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AllBindings}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterBindingSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script ScriptBlock ID: 7669a96e-24c6-426e-86a2-82f60f3bc3fe Path:	4104	1		3	2	15	0	1534	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-2e39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterBindingSettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapterBinding { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterBindingSettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [ValidateNotNull()] [string[]] ${ComponentID}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AllBindings}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ComponentID') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ComponentID}) $__cmdletization_queryBuilder.FilterByProperty('ComponentID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } if ($PSBoundParameters.ContainsKey('AllBindings') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('AllBindings', ${AllBindings}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterBinding.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterBinding' -Alias '*' function Set-NetAdapterBinding { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterBindingSettingData')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [ValidateNotNull()] [string[]] ${ComponentID}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AllBindings}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterBindingSettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [bool] ${Enabled}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('ComponentID') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ComponentID}) $__cmdletization_queryBuilder.FilterByProperty('ComponentID', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } if ($PSBoundParameters.ContainsKey('AllBindings') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('AllBindings', ${AllBindings}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Enabled')) { [object]$__cmdletization_value = ${En ScriptBlock ID: 7669a96e-24c6-426e-86a2-82f60f3bc3fe Path:	4104	1		3	2	15	0	1533	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-2e39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): ion_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterAdvancedProperty.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Reset-NetAdapterAdvancedProperty' -Alias '*' ScriptBlock ID: 69cd24d7-9f05-4dff-82af-37866dd97eb4 Path:	4104	1		3	2	15	0	1532	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-2739-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): ssThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterAdvancedProperty.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapterAdvancedProperty' -Alias '*' function Remove-NetAdapterAdvancedProperty { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterAdvancedPropertySettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('RegKey')] [ValidateNotNull()] [string[]] ${RegistryKeyword}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AllProperties}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterAdvancedPropertySettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('RegistryKeyword') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RegistryKeyword}) $__cmdletization_queryBuilder.FilterByProperty('RegistryKeyword', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } if ($PSBoundParameters.ContainsKey('AllProperties') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('AllProperties', ${AllProperties}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterAdvancedProperty.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetAdapterAdvancedProperty' -Alias '*' function Reset-NetAdapterAdvancedProperty { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('DispN')] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterAdvancedPropertySettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Reset', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletizat ScriptBlock ID: 69cd24d7-9f05-4dff-82af-37866dd97eb4 Path:	4104	1		3	2	15	0	1531	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-2739-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): function Get-NetAdapterAdvancedProperty { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterAdvancedPropertySettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByNameDisplayName', Position=0, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByNameRegistryKeyword', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true)] [Parameter(ParameterSetName='ByInstanceIDDisplayName', Mandatory=$true)] [Parameter(ParameterSetName='ByInstanceIDKeyword', Mandatory=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByNameDisplayName', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceIDDisplayName', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('DispN')] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByNameRegistryKeyword', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceIDKeyword', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('RegKey')] [ValidateNotNull()] [string[]] ${RegistryKeyword}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByNameDisplayName')] [Parameter(ParameterSetName='ByNameRegistryKeyword')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='ByInstanceIDDisplayName')] [Parameter(ParameterSetName='ByInstanceIDKeyword')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByNameDisplayName')] [Parameter(ParameterSetName='ByNameRegistryKeyword')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='ByInstanceIDDisplayName')] [Parameter(ParameterSetName='ByInstanceIDKeyword')] [switch] ${AllProperties}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByNameDisplayName')] [Parameter(ParameterSetName='ByNameRegistryKeyword')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='ByInstanceIDDisplayName')] [Parameter(ParameterSetName='ByInstanceIDKeyword')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByNameDisplayName')] [Parameter(ParameterSetName='ByNameRegistryKeyword')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='ByInstanceIDDisplayName')] [Parameter(ParameterSetName='ByInstanceIDKeyword')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByNameDisplayName')] [Parameter(ParameterSetName='ByNameRegistryKeyword')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='ByInstanceIDDisplayName')] [Parameter(ParameterSetName='ByInstanceIDKeyword')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName', 'ByNameDisplayName', 'ByNameRegistryKeyword') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID', 'ByInstanceIDDisplayName', 'ByInstanceIDKeyword') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByNameDisplayName', 'ByInstanceIDDisplayName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('RegistryKeyword') -and (@('ByNameRegistryKeyword', 'ByInstanceIDKeyword') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RegistryKeyword}) $__cmdletization_queryBuilder.FilterByProperty('RegistryKeyword', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByNameDisplayName', 'ByNameRegistryKeyword', 'ByInstanceID', 'ByInstanceIDDisplayName', 'ByInstanceIDKeyword') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } if ($PSBoundParameters.ContainsKey('AllProperties') -and (@('ByName', 'ByNameDisplayName', 'ByNameRegistryKeyword', 'ByInstanceID', 'ByInstanceIDDisplayName', 'ByInstanceIDKeyword') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('AllProperties', ${AllProperties}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterAdvancedProperty.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapterAdvancedProperty' -Alias '*' function Set-NetAdapterAdvancedProperty { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapterAdvancedPropertySettingData')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceID', ValueFromPipelineByPropertyName=$true)] [Alias('DispN')] [ValidateNotNull()] [string[]] ${DisplayName}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceID', ValueFromPipelineByPropertyName=$true)] [Alias('RegKey')] [ValidateNotNull()] [string[]] ${RegistryKeyword}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${AllProperties}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapterAdvancedPropertySettingData')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceID', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${DisplayValue}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInstanceID', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='InputObject (cdxml)', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${RegistryValue}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('DisplayName') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DisplayName}) $__cmdletization_queryBuilder.FilterByProperty('DisplayName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('RegistryKeyword') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RegistryKeyword}) $__cmdletization_queryBuilder.FilterByProperty('RegistryKeyword', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } if ($PSBoundParameters.ContainsKey('AllProperties') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('AllProperties', ${AllProperties}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DisplayValue')) { [object]$__cmdletization_value = ${DisplayValue} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisplayValue'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DisplayValue'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RegistryValue')) { [object]$__cmdletization_value = ${RegistryValue} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryValue'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryValue'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $Pa ScriptBlock ID: 69cd24d7-9f05-4dff-82af-37866dd97eb4 Path:	4104	1		3	2	15	0	1530	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-2739-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapterAdvancedPropertySettingData' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetAdapterAdvancedProperty { [CmdletBinding(DefaultParameterSetName='Name', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='InstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc','InstanceID')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${InterfaceDescription}, [Parameter(ParameterSetName='InstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='Name', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${RegistryKeyword}, [Parameter(ParameterSetName='InstanceID', ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='Name', ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterAdvancedProperty.RegDataType] ${RegistryDataType}, [Parameter(ParameterSetName='InstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='Name', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string[]] ${RegistryValue}, [Parameter(ParameterSetName='InstanceID')] [Parameter(ParameterSetName='Name')] [switch] ${NoRestart}, [Parameter(ParameterSetName='InstanceID')] [Parameter(ParameterSetName='Name')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='Name', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${Name}, [Parameter(ParameterSetName='InstanceID')] [Parameter(ParameterSetName='Name')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='InstanceID')] [Parameter(ParameterSetName='Name')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='InstanceID')] [Parameter(ParameterSetName='Name')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('InstanceID') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceDescription')) { [object]$__cmdletization_value = ${InterfaceDescription} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceDescription'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceDescription'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RegistryKeyword')) { [object]$__cmdletization_value = ${RegistryKeyword} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryKeyword'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryKeyword'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RegistryDataType')) { [object]$__cmdletization_value = ${RegistryDataType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryDataType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterAdvancedProperty.RegDataType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryDataType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterAdvancedProperty.RegDataType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RegistryValue')) { [object]$__cmdletization_value = ${RegistryValue} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryValue'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryValue'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IncludeHidden')) { [object]$__cmdletization_value = ${IncludeHidden} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:IncludeHidden'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:IncludeHidden'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } { @('Name') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Name')) { [object]$__cmdletization_value = ${Name} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Name'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Name'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RegistryKeyword')) { [object]$__cmdletization_value = ${RegistryKeyword} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryKeyword'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryKeyword'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RegistryDataType')) { [object]$__cmdletization_value = ${RegistryDataType} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryDataType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterAdvancedProperty.RegDataType'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryDataType'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetAdapterAdvancedProperty.RegDataType'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RegistryValue')) { [object]$__cmdletization_value = ${RegistryValue} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryValue'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegistryValue'; ParameterType = 'System.String[]'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IncludeHidden')) { [object]$__cmdletization_value = ${IncludeHidden} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:IncludeHidden'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:IncludeHidden'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapterAdvancedProperty.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetAdapterAdvancedProperty' -Alias '*' ScriptBlock ID: 69cd24d7-9f05-4dff-82af-37866dd97eb4 Path:	4104	1		3	2	15	0	1529	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:29 PM	1909dffc-a75a-0004-2739-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): uldProcess=$true, ConfirmImpact='High', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapter')] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [ValidateRange(0, 4094)] [uint16] ${VlanID}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('LinkLayerAddress')] [string] ${MacAddress}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${NoRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NetworkAddresses'; ParameterType = 'System.String[]'; Bindings = '0'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('VlanID')) { [object]$__cmdletization_value = ${VlanID} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'VlanID'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'VlanID'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MacAddress')) { [object]$__cmdletization_value = ${MacAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:MacAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:MacAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NoRestart')) { [object]$__cmdletization_value = ${NoRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:NoRestart'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetAdapter' -Alias '*' ScriptBlock ID: ba76fb4e-e5b7-4628-8cd4-4af22339d693 Path:	4104	1		3	2	15	0	1528	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:28 PM	1909dffc-a75a-0004-1f39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): sent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Disable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Disable-NetAdapter' -Alias '*' function Restart-NetAdapter { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Restart', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Restart-NetAdapter' -Alias '*' function Rename-NetAdapter { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=1)] [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, Position=1)] [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, Position=1)] [ValidateNotNull()] [ValidateNotNullOrEmpty()] [string] ${NewName}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NewName')) { [object]$__cmdletization_value = ${NewName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NewName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Rename', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Rename-NetAdapter' -Alias '*' function Set-NetAdapter { [CmdletBinding(DefaultParameterSetName='ByName', SupportsSho ScriptBlock ID: ba76fb4e-e5b7-4628-8cd4-4af22339d693 Path:	4104	1		3	2	15	0	1527	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:28 PM	1909dffc-a75a-0004-1f39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetAdapter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetAdapter { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetAdapter')] param( [Parameter(ParameterSetName='ByName', Position=0)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByIfIndex', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='ByIfIndex')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='ByIfIndex')] [switch] ${Physical}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='ByIfIndex')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='ByIfIndex')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='ByIfIndex')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByIfIndex') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID', 'ByIfIndex') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } if ($PSBoundParameters.ContainsKey('Physical') -and (@('ByName', 'ByInstanceID', 'ByIfIndex') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('Physical', ${Physical}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetAdapter' -Alias '*' function Enable-NetAdapter { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PassThru')) { [object]$__cmdletization_value = ${PassThru} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'cim:OperationOption:PassThru'; ParameterType = 'System.Management.Automation.SwitchParameter'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Enable', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $false if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetAdapter.cmdletDefinition.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Enable-NetAdapter' -Alias '*' function Disable-NetAdapter { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='High', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] param( [Parameter(ParameterSetName='ByName', Mandatory=$true, Position=0)] [Alias('ifAlias','InterfaceAlias')] [ValidateNotNull()] [string[]] ${Name}, [Parameter(ParameterSetName='ByInstanceID', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifDesc')] [ValidateNotNull()] [string[]] ${InterfaceDescription}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [switch] ${IncludeHidden}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetAdapter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByInstanceID')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Name') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Name}) $__cmdletization_queryBuilder.FilterByProperty('Name', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceDescription') -and (@('ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceDescription}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceDescription', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('IncludeHidden') -and (@('ByName', 'ByInstanceID') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeHidden', ${IncludeHidden}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'ByInstanceID', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPre ScriptBlock ID: ba76fb4e-e5b7-4628-8cd4-4af22339d693 Path:	4104	1		3	2	15	0	1526	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	2520	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:28 PM	1909dffc-a75a-0004-1f39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 473705f7-24e5-4b35-9a20-712b831fae07 Path:	4104	1		3	2	15	0	1525	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	4408	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:28 PM	1909dffc-a75a-0004-0f39-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: d9f257d1-e299-4649-910f-a2e27b6a9012 Path:	4104	1		3	2	15	0	1524	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	4408	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:28 PM	1909dffc-a75a-0004-0039-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): sZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCiMgRlVUVVJFOiBjaGVjayBzdGF0aWNhbGx5LXNldCB2YWx1ZXMgdmlhIHJlZ2lzdHJ5IHNvIHdlIGNhbiBkZXRlcm1pbmUgZGlmZmVyZW5jZSBiZXR3ZWVuIERIQ1Atc291cmNlIHZhbHVlcyBhbmQgc3RhdGljIHZhbHVlcz8gKHByZXZlbnQgc3B1cmlvdXMgY2hhbmdlZAojIG5vdGlmaWNhdGlvbnMgb24gREhDUC1zb3VyY2VkIHZhbHVlcykKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKJENvbmZpcm1QcmVmZXJlbmNlID0gIk5vbmUiCgpGdW5jdGlvbiBXcml0ZS1EZWJ1Z0xvZyB7CiAgICBQYXJhbSgKICAgIFtzdHJpbmddJG1zZwogICAgKQoKICAgICREZWJ1Z1ByZWZlcmVuY2UgPSAiQ29udGludWUiCiAgICAkRXJyb3JBY3Rpb25QcmVmZXJlbmNlID0gIkNvbnRpbnVlIgogICAgJGRhdGVfc3RyID0gR2V0LURhdGUgLUZvcm1hdCB1CiAgICAkbXNnID0gIiRkYXRlX3N0ciAkbXNnIgoKICAgIFdyaXRlLURlYnVnICRtc2cKCiAgICBpZigkbG9nX3BhdGgpIHsKICAgICAgICBBZGQtQ29udGVudCAkbG9nX3BhdGggJG1zZwogICAgfQp9CgojIG1pbmltYWwgaW1wbCBvZiBHZXQtTmV0QWRhcHRlciB3ZSBuZWVkIG9uIDIwMDgvMjAwOFIyCkZ1bmN0aW9uIEdldC1OZXRBZGFwdGVyTGVnYWN5IHsKICAgIFBhcmFtKFtzdHJpbmddJE5hbWU9IioiKQoKICAgICR3bWlhcmdzID0gQHtDbGFzcz0iV2luMzJfTmV0d29ya0FkYXB0ZXIifQoKICAgIElmKCROYW1lLkNvbnRhaW5zKCIqIikpIHsKICAgICAgICAkd21pYXJncy5GaWx0ZXIgPSAiTmV0Q29ubmVjdGlvbklEIExJS0UgJyQoJE5hbWUuUmVwbGFjZSgiKiIsIiUiKSknIgogICAgfQogICAgRWxzZSB7CiAgICAgICAgJHdtaWFyZ3MuRmlsdGVyID0gIk5ldENvbm5lY3Rpb25JRCA9ICckTmFtZSciCiAgICB9CgogICAgJHdtaXByb3AgPSBAKAogICAgICAgIEB7TmFtZT0iTmFtZSI7IEV4cHJlc3Npb249eyRfLk5ldENvbm5lY3Rpb25JRH19LAogICAgICAgIEB7TmFtZT0iaWZJbmRleCI7IEV4cHJlc3Npb249eyRfLkRldmljZUlEfX0KICAgICkKCiAgICAkcmVzID0gR2V0LVdtaU9iamVjdCBAd21pYXJncyB8IFNlbGVjdC1PYmplY3QgLVByb3BlcnR5ICR3bWlwcm9wCgogICAgSWYoQCgkcmVzKS5Db3VudCAtZXEgMCAtYW5kIC1ub3QgJE5hbWUuQ29udGFpbnMoIioiKSkgewogICAgICAgIHRocm93ICJHZXQtTmV0QWRhcHRlckxlZ2FjeTogTm8gV2luMzJfTmV0d29ya0FkYXB0ZXIgb2JqZWN0cyBmb3VuZCB3aXRoIHByb3BlcnR5ICdOZXRDb25uZWN0aW9uSUQnIGVxdWFsIHRvICckTmFtZSciCiAgICB9CgogICAgV3JpdGUtT3V0cHV0ICRyZXMKfQoKSWYoLW5vdCAkKEdldC1Db21tYW5kIEdldC1OZXRBZGFwdGVyIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkgewogICAgTmV3LUFsaWFzIEdldC1OZXRBZGFwdGVyIEdldC1OZXRBZGFwdGVyTGVnYWN5IC1Gb3JjZQp9CgojIG1pbmltYWwgaW1wbCBvZiBHZXQtRG5zQ2xpZW50U2VydmVyQWRkcmVzcyBmb3IgMjAwOC8yMDA4UjIKRnVuY3Rpb24gR2V0LURuc0NsaWVudFNlcnZlckFkZHJlc3NMZWdhY3kgewogICAgUGFyYW0oW3N0cmluZ10kSW50ZXJmYWNlQWxpYXMpCgogICAgJGlkeCA9IEdldC1OZXRBZGFwdGVyIC1OYW1lICRJbnRlcmZhY2VBbGlhcyB8IFNlbGVjdC1PYmplY3QgLUV4cGFuZFByb3BlcnR5IGlmSW5kZXgKCiAgICAkYWRhcHRlcl9jb25maWcgPSBHZXQtV21pT2JqZWN0IFdpbjMyX05ldHdvcmtBZGFwdGVyQ29uZmlndXJhdGlvbiAtRmlsdGVyICJJbmRleD0kaWR4IgoKICAgIHJldHVybiBAKAogICAgICAgICMgSVB2NCB2YWx1ZXMKICAgICAgICBbUFNDdXN0b21PYmplY3RdQHtJbnRlcmZhY2VBbGlhcz0kSW50ZXJmYWNlQWxpYXM7SW50ZXJmYWNlSW5kZXg9JGlkeDtBZGRyZXNzRmFtaWx5PTI7U2VydmVyQWRkcmVzc2VzPSRhZGFwdGVyX2NvbmZpZy5ETlNTZXJ2ZXJTZWFyY2hPcmRlcn07CiAgICAgICAgIyBJUHY2LCBvbmx5IGhlcmUgZm9yIGNvbXBsZXRlbmVzcyBzaW5jZSB3ZSBkb24ndCBzdXBwb3J0IGl0IHlldAogICAgICAgIFtQU0N1c3RvbU9iamVjdF1Ae0ludGVyZmFjZUFsaWFzPSRJbnRlcmZhY2VBbGlhcztJbnRlcmZhY2VJbmRleD0kaWR4O0FkZHJlc3NGYW1pbHk9MjM7U2VydmVyQWRkcmVzc2VzPUAoKX07CiAgICApCn0KCklmKC1ub3QgJChHZXQtQ29tbWFuZCBHZXQtRG5zQ2xpZW50U2VydmVyQWRkcmVzcyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZSkpIHsKICAgIE5ldy1BbGlhcyBHZXQtRG5zQ2xpZW50U2VydmVyQWRkcmVzcyBHZXQtRG5zQ2xpZW50U2VydmVyQWRkcmVzc0xlZ2FjeQp9CgojIG1pbmltYWwgaW1wbCBvZiBTZXQtRG5zQ2xpZW50U2VydmVyQWRkcmVzcyBmb3IgMjAwOC8yMDA4UjIKRnVuY3Rpb24gU2V0LURuc0NsaWVudFNlcnZlckFkZHJlc3NMZWdhY3kgewogICAgUGFyYW0oCiAgICAgICAgW3N0cmluZ10kSW50ZXJmYWNlQWxpYXMsCiAgICAgICAgW0FycmF5XSRTZXJ2ZXJBZGRyZXNzZXM9QCgpLAogICAgICAgIFtzd2l0Y2hdJFJlc2V0U2VydmVyQWRkcmVzc2VzCiAgICApCgogICAgJGlkeCA9IEdldC1OZXRBZGFwdGVyIC1OYW1lICRJbnRlcmZhY2VBbGlhcyB8IFNlbGVjdC1PYmplY3QgLUV4cGFuZFByb3BlcnR5IGlmSW5kZXgKCiAgICAkYWRhcHRlcl9jb25maWcgPSBHZXQtV21pT2JqZWN0IFdpbjMyX05ldHdvcmtBZGFwdGVyQ29uZmlndXJhdGlvbiAtRmlsdGVyICJJbmRleD0kaWR4IgoKICAgIElmKCRSZXNldFNlcnZlckFkZHJlc3NlcykgewogICAgICAgICRyZXMgPSAkYWRhcHRlcl9jb25maWcuU2V0RE5TU2VydmVyU2VhcmNoT3JkZXIoKQogICAgfQogICAgRWxzZSB7CiAgICAgICAgJHJlcyA9ICRhZGFwdGVyX2NvbmZpZy5TZXRETlNTZXJ2ZXJTZWFyY2hPcmRlcigkU2VydmVyQWRkcmVzc2VzKQogICAgfQoKICAgIElmKCRyZXMuUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICB0aHJvdyAiU2V0LURuc0NsaWVudFNlcnZlckFkZHJlc3NMZWdhY3k6IEVycm9yIGNhbGxpbmcgU2V0RE5TU2VydmVyU2VhcmNoT3JkZXIsIGNvZGUgJCgkcmVzLlJldHVyblZhbHVlKSkiCiAgICB9Cn0KCklmKC1ub3QgJChHZXQtQ29tbWFuZCBTZXQtRG5zQ2xpZW50U2VydmVyQWRkcmVzcyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZSkpIHsKICAgIE5ldy1BbGlhcyBTZXQtRG5zQ2xpZW50U2VydmVyQWRkcmVzcyBTZXQtRG5zQ2xpZW50U2VydmVyQWRkcmVzc0xlZ2FjeQp9CgpGdW5jdGlvbiBHZXQtRG5zQ2xpZW50TWF0Y2ggewogICAgUGFyYW0oCiAgICAgICAgW3N0cmluZ10gJGFkYXB0ZXJfbmFtZSwKICAgICAgICBbc3RyaW5nW11dICRpcHY0X2FkZHJlc3NlcwogICAgKQoKICAgIFdyaXRlLURlYnVnTG9nICgiR2V0dGluZyBETlMgY29uZmlnIGZvciBhZGFwdGVyIHswfSIgLWYgJGFkYXB0ZXJfbmFtZSkKCiAgICAkY3VycmVudF9kbnNfYWxsID0gR2V0LURuc0NsaWVudFNlcnZlckFkZHJlc3MgLUludGVyZmFjZUFsaWFzICRhZGFwdGVyX25hbWUKCiAgICBXcml0ZS1EZWJ1Z0xvZyAoIkN1cnJlbnQgRE5TIHNldHRpbmdzOiAiICsgJCgkY3VycmVudF9kbnNfYWxsIHwgT3V0LVN0cmluZykpCgogICAgJGN1cnJlbnRfZG5zX3Y0ID0gKCRjdXJyZW50X2Ruc19hbGwgfCBXaGVyZS1PYmplY3QgQWRkcmVzc0ZhbWlseSAtZXEgMiA8IyBJUHY0ICM+KS5TZXJ2ZXJBZGRyZXNzZXMKCiAgICBJZiAoKCRjdXJyZW50X2Ruc192NCAtZXEgJG51bGwpIC1hbmQgKCRpcHY0X2FkZHJlc3NlcyAtZXEgJG51bGwpKSB7CiAgICAgICAgJHY0X21hdGNoID0gJFRydWUKICAgIH0KCiAgICBFbHNlSWYgKCgkY3VycmVudF9kbnNfdjQgLWVxICRudWxsKSAtb3IgKCRpcHY0X2FkZHJlc3NlcyAtZXEgJG51bGwpKSB7CiAgICAgICAgJHY0X21hdGNoID0gJEZhbHNlCiAgICB9CgogICAgRWxzZSB7CiAgICAgICAgJHY0X21hdGNoID0gQChDb21wYXJlLU9iamVjdCAkY3VycmVudF9kbnNfdjQgJGlwdjRfYWRkcmVzc2VzIC1TeW5jV2luZG93IDApLkNvdW50IC1lcSAwCiAgICB9CgogICAgIyBUT0RPOiBpbXBsZW1lbnQgSVB2NgoKICAgIFdyaXRlLURlYnVnTG9nICgiQ3VycmVudCBETlMgc2V0dGluZ3MgbWF0Y2ggKHswfSkgOiB7MX0iIC1mICgkaXB2NF9hZGRyZXNzZXMgLWpvaW4gIiwgIiksICR2NF9tYXRjaCkKCiAgICByZXR1cm4gJHY0X21hdGNoCn0KCkZ1bmN0aW9uIFZhbGlkYXRlLUlQQWRkcmVzcyB7CiAgICBQYXJhbShbc3RyaW5nXSAkYWRkcmVzcykKCiAgICAkYWRkcm91dCA9ICRudWxsCgogICAgcmV0dXJuIFtTeXN0ZW0uTmV0LklQQWRkcmVzc106OlRyeVBhcnNlKCRhZGRyZXNzLCBbcmVmXSAkYWRkcm91dCkKfQoKRnVuY3Rpb24gU2V0LURuc0NsaWVudEFkZHJlc3Nlcwp7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSAkYWRhcHRlcl9uYW1lLAogICAgICAgIFtzdHJpbmdbXV0gJGlwdjRfYWRkcmVzc2VzCiAgICApCgogICAgV3JpdGUtRGVidWdMb2cgKCJTZXR0aW5nIEROUyBhZGRyZXNzZXMgZm9yIGFkYXB0ZXIgezB9IHRvICh7MX0pIiAtZiAkYWRhcHRlcl9uYW1lLCAoJGlwdjRfYWRkcmVzc2VzIC1qb2luICIsICIpKQogICAgCiAgICBJZiAoJGlwdjRfYWRkcmVzc2VzIC1lcSAkbnVsbCkgewogICAgICAgIFNldC1EbnNDbGllbnRTZXJ2ZXJBZGRyZXNzIC1JbnRlcmZhY2VBbGlhcyAkYWRhcHRlcl9uYW1lIC1SZXNldFNlcnZlckFkZHJlc3MKICAgIH0KCiAgICBFbHNlIHsKICAgICMgdGhpcyBzaWxlbnRseSBpZ25vcmVzIGludmFsaWQgSVBzLCBzbyB3ZSB2YWxpZGF0ZSBwYXJzZWFiaWxpdHkgb3Vyc2VsdmVzIHVwIGZyb250Li4uCiAgICAgICAgU2V0LURuc0NsaWVudFNlcnZlckFkZHJlc3MgLUludGVyZmFjZUFsaWFzICRhZGFwdGVyX25hbWUgLVNlcnZlckFkZHJlc3NlcyAkaXB2NF9hZGRyZXNzZXMKICAgIH0KICAgIAogICAgIyBUT0RPOiBpbXBsZW1lbnQgSVB2Ngp9CgokcmVzdWx0ID0gQHtjaGFuZ2VkPSRmYWxzZX0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzIC1hcmd1bWVudHMgJGFyZ3MgLXN1cHBvcnRzX2NoZWNrX21vZGUgJHRydWUKCiRhZGFwdGVyX25hbWVzID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJhZGFwdGVyX25hbWVzIiAtRGVmYXVsdCAiKiIKJGlwdjRfYWRkcmVzc2VzID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJpcHY0X2FkZHJlc3NlcyIgLUZhaWxJZkVtcHR5ICRyZXN1bHQKCklmKCRpcHY0X2FkZHJlc3NlcyAtaXMgW3N0cmluZ10pIHsKICAgIElmKCRpcHY0X2FkZHJlc3Nlcy5MZW5ndGggLWd0IDApIHsKICAgICAgICAkaXB2NF9hZGRyZXNzID0gQCgkaXB2NF9hZGRyZXNzZXMpCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkaXB2NF9hZGRyZXNzZXMgPSBAKCkKICAgIH0KfQoKJGdsb2JhbDpsb2dfcGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gJHBhcmFtcyAibG9nX3BhdGgiCiRjaGVja19tb2RlID0gR2V0LUFuc2libGVQYXJhbSAkcGFyYW1zICJfYW5zaWJsZV9jaGVja19tb2RlIiAtRGVmYXVsdCAkZmFsc2UKClRyeSB7CgogICAgV3JpdGUtRGVidWdMb2cgKCJWYWxpZGF0aW5nIGFkYXB0ZXIgbmFtZSB7MH0iIC1mICRhZGFwdGVyX25hbWVzKQoKICAgICRhZGFwdGVycyA9IEAoJGFkYXB0ZXJfbmFtZXMpCgogICAgSWYoJGFkYXB0ZXJfbmFtZXMgLWVxICIqIikgewogICAgICAgICRhZGFwdGVycyA9IEdldC1OZXRBZGFwdGVyIHwgU2VsZWN0LU9iamVjdCAtRXhwYW5kUHJvcGVydHkgTmFtZQogICAgfQogICAgIyBUT0RPOiBhZGQgc3VwcG9ydCBmb3IgYW4gYWN0dWFsIGxpc3Qgb2YgYWRhcHRlciBuYW1lcwogICAgIyB2YWxpZGF0ZSBuZXR3b3JrIGFkYXB0ZXIgbmFtZXMKICAgIEVsc2VJZihAKEdldC1OZXRBZGFwdGVyIHwgV2hlcmUtT2JqZWN0IE5hbWUgLWVxICRhZGFwdGVyX25hbWVzKS5Db3VudCAtZXEgMCkgewogICAgICAgIHRocm93ICJJbnZhbGlkIG5ldHdvcmsgYWRhcHRlciBuYW1lOiB7MH0iIC1mICRhZGFwdGVyX25hbWVzCiAgICB9CgogICAgV3JpdGUtRGVidWdMb2cgKCJWYWxpZGF0aW5nIElQIGFkZHJlc3NlcyAoezB9KSIgLWYgKCRpcHY0X2FkZHJlc3NlcyAtam9pbiAiLCAiKSkKCiAgICAkaW52YWxpZF9hZGRyZXNzZXMgPSBAKCRpcHY0X2FkZHJlc3NlcyB8ID8geyAtbm90IChWYWxpZGF0ZS1JUEFkZHJlc3MgJF8pIH0pCgogICAgSWYoJGludmFsaWRfYWRkcmVzc2VzLkNvdW50IC1ndCAwKSB7CiAgICAgICAgdGhyb3cgIkludmFsaWQgSVAgYWRkcmVzcyhlcyk6ICh7MH0pIiAtZiAoJGludmFsaWRfYWRkcmVzc2VzIC1qb2luICIsICIpCiAgICB9CgogICAgRm9yRWFjaCgkYWRhcHRlcl9uYW1lIGluICRhZGFwdGVycykgewogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICRyZXN1bHQuY2hhbmdlZCAtb3IgKC1ub3QgKEdldC1EbnNDbGllbnRNYXRjaCAkYWRhcHRlcl9uYW1lICRpcHY0X2FkZHJlc3NlcykpCgogICAgICAgIElmKCRyZXN1bHQuY2hhbmdlZCkgewogICAgICAgICAgICBJZigtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICAgICBTZXQtRG5zQ2xpZW50QWRkcmVzc2VzICRhZGFwdGVyX25hbWUgJGlwdjRfYWRkcmVzc2VzCiAgICAgICAgICAgIH0KICAgICAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICAgICBXcml0ZS1EZWJ1Z0xvZyAiQ2hlY2sgbW9kZSwgc2tpcHBpbmciCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9CgogICAgRXhpdC1Kc29uICRyZXN1bHQKCn0KQ2F0Y2ggewogICAgJGV4Y2VwID0gJF8KCiAgICBXcml0ZS1EZWJ1Z0xvZyAiRXhjZXB0aW9uOiAkKCRleGNlcCB8IG91dC1zdHJpbmcpIgoKICAgIFRocm93Cn0KCg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_dns_client", "_ansible_remote_tmp": "%TEMP%", "_ansible_keep_remote_files": false, "_ansible_verbosity": 2, "ipv4_addresses": ["10.222.0.78", "8.8.8.8", "4.4.4.4"], "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_diff": false, "adapter_names": "Ethernet", "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: bd9a71a2-fbb8-493f-a419-57a8adcd31e8 Path:	4104	1		3	2	15	0	1523	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	4408	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:27 PM	1909dffc-a75a-0004-fa38-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXB ScriptBlock ID: bd9a71a2-fbb8-493f-a419-57a8adcd31e8 Path:	4104	1		3	2	15	0	1522	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	4408	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:27 PM	1909dffc-a75a-0004-fa38-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1521	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	1960	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:27 PM	1909dffc-a75a-0001-cbf3-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1652 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1520	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	1616	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:27 PM	1909dffc-a75a-0001-cbf3-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1519	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1652	1960	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:27 PM	1909dffc-a75a-0001-cbf3-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetUDPSetting' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetUDPSetting { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetUDPSetting')] param( [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [uint16[]] ${DynamicPortRangeStartPort}, [Parameter(ParameterSetName='ByName', Position=1)] [ValidateNotNull()] [uint16[]] ${DynamicPortRangeNumberOfPorts}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('DynamicPortRangeStartPort') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DynamicPortRangeStartPort}) $__cmdletization_queryBuilder.FilterByProperty('DynamicPortRangeStartPort', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DynamicPortRangeNumberOfPorts') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DynamicPortRangeNumberOfPorts}) $__cmdletization_queryBuilder.FilterByProperty('DynamicPortRangeNumberOfPorts', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetUDPSetting.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetUDPSetting' -Alias '*' function Set-NetUDPSetting { [CmdletBinding(DefaultParameterSetName='InputObject (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetUDPSetting')] param( [Parameter(ParameterSetName='InputObject (cdxml)', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetUDPSetting')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='InputObject (cdxml)')] [uint16] ${DynamicPortRangeStartPort}, [Parameter(ParameterSetName='InputObject (cdxml)')] [uint16] ${DynamicPortRangeNumberOfPorts}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DynamicPortRangeStartPort')) { [object]$__cmdletization_value = ${DynamicPortRangeStartPort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DynamicPortRangeStartPort'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DynamicPortRangeStartPort'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DynamicPortRangeNumberOfPorts')) { [object]$__cmdletization_value = ${DynamicPortRangeNumberOfPorts} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DynamicPortRangeNumberOfPorts'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DynamicPortRangeNumberOfPorts'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetUDPSetting.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetUDPSetting' -Alias '*' ScriptBlock ID: cb59d03c-c1ad-4256-97c0-e7054d3839fc Path:	4104	1		3	2	15	0	1518	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0002-e3ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetUDPEndpoint' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetUDPEndpoint { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetUDPEndpoint')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('IPAddress')] [ValidateNotNull()] [string[]] ${LocalAddress}, [Parameter(ParameterSetName='ByName', Position=1)] [ValidateNotNull()] [uint16[]] ${LocalPort}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${OwningProcess}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [datetime[]] ${CreationTime}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('LocalAddress') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalAddress}) $__cmdletization_queryBuilder.FilterByProperty('LocalAddress', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('LocalPort') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalPort}) $__cmdletization_queryBuilder.FilterByProperty('LocalPort', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OwningProcess') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OwningProcess}) $__cmdletization_queryBuilder.FilterByProperty('OwningProcess', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('CreationTime') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${CreationTime}) $__cmdletization_queryBuilder.FilterByProperty('CreationTime', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetUDPEndpoint.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetUDPEndpoint' -Alias '*' ScriptBlock ID: 59c3d0da-f481-493c-9ca1-f1f5d6346ee9 Path:	4104	1		3	2	15	0	1517	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0002-e0ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): ContainsKey('Protocol') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Protocol}) $__cmdletization_queryBuilder.FilterByProperty('Protocol', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LocalPortStart') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalPortStart}) $__cmdletization_queryBuilder.FilterByProperty('LocalPortStart', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LocalPortEnd') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalPortEnd}) $__cmdletization_queryBuilder.FilterByProperty('LocalPortEnd', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemotePortStart') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemotePortStart}) $__cmdletization_queryBuilder.FilterByProperty('RemotePortStart', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemotePortEnd') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemotePortEnd}) $__cmdletization_queryBuilder.FilterByProperty('RemotePortEnd', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DestinationPrefix') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DestinationPrefix}) $__cmdletization_queryBuilder.FilterByProperty('DestinationPrefix', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedTCPSetting') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedTCPSetting}, 'MSFT_NetTransportFilterTCPSetting', 'Dependent', 'Antecedent', 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetTransportFilter.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetTransportFilter' -Alias '*' function Remove-NetTransportFilter { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='High', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetTransportFilter')] param( [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [string[]] ${SettingName}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTransportFilter.Protocol[]] ${Protocol}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${LocalPortStart}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${LocalPortEnd}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${RemotePortStart}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${RemotePortEnd}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [string[]] ${DestinationPrefix}, [Parameter(ParameterSetName='ByName', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetTCPSetting')] [ValidateNotNull()] [ciminstance] ${AssociatedTCPSetting}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetTransportFilter')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('SettingName') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SettingName}) $__cmdletization_queryBuilder.FilterByProperty('SettingName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Protocol') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Protocol}) $__cmdletization_queryBuilder.FilterByProperty('Protocol', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LocalPortStart') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalPortStart}) $__cmdletization_queryBuilder.FilterByProperty('LocalPortStart', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('LocalPortEnd') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalPortEnd}) $__cmdletization_queryBuilder.FilterByProperty('LocalPortEnd', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemotePortStart') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemotePortStart}) $__cmdletization_queryBuilder.FilterByProperty('RemotePortStart', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemotePortEnd') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemotePortEnd}) $__cmdletization_queryBuilder.FilterByProperty('RemotePortEnd', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DestinationPrefix') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DestinationPrefix}) $__cmdletization_queryBuilder.FilterByProperty('DestinationPrefix', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedTCPSetting') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedTCPSetting}, 'MSFT_NetTransportFilterTCPSetting', 'Dependent', 'Antecedent', 'Default') } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetTransportFilter.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetTransportFilter' -Alias '*' ScriptBlock ID: 4934076f-a6ab-43b4-b6aa-ee419c7f0394 Path:	4104	1		3	2	15	0	1516	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0002-dbed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetTransportFilter' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetTransportFilter { [CmdletBinding(SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] param( [Parameter(ParameterSetName='cim:CreateInstance0', Mandatory=$true)] [string] ${SettingName}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTransportFilter.Protocol] ${Protocol}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint16] ${LocalPortStart}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint16] ${LocalPortEnd}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint16] ${RemotePortStart}, [Parameter(ParameterSetName='cim:CreateInstance0')] [uint16] ${RemotePortEnd}, [Parameter(ParameterSetName='cim:CreateInstance0')] [string] ${DestinationPrefix}, [Parameter(ParameterSetName='cim:CreateInstance0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='cim:CreateInstance0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='cim:CreateInstance0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SettingName')) { [object]$__cmdletization_value = ${SettingName} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SettingName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SettingName'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Protocol')) { [object]$__cmdletization_value = ${Protocol} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Protocol'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTransportFilter.Protocol'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Protocol'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTransportFilter.Protocol'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalPortStart')) { [object]$__cmdletization_value = ${LocalPortStart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalPortStart'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalPortStart'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalPortEnd')) { [object]$__cmdletization_value = ${LocalPortEnd} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalPortEnd'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalPortEnd'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemotePortStart')) { [object]$__cmdletization_value = ${RemotePortStart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemotePortStart'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemotePortStart'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemotePortEnd')) { [object]$__cmdletization_value = ${RemotePortEnd} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemotePortEnd'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemotePortEnd'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DestinationPrefix')) { [object]$__cmdletization_value = ${DestinationPrefix} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DestinationPrefix'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DestinationPrefix'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.Int32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:CreateInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetTransportFilter.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetTransportFilter' -Alias '*' function Get-NetTransportFilter { [CmdletBinding(PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetTransportFilter')] param( [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [string[]] ${SettingName}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTransportFilter.Protocol[]] ${Protocol}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${LocalPortStart}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${LocalPortEnd}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${RemotePortStart}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${RemotePortEnd}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [string[]] ${DestinationPrefix}, [Parameter(ParameterSetName='ByName', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetTCPSetting')] [ValidateNotNull()] [ciminstance] ${AssociatedTCPSetting}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('SettingName') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SettingName}) $__cmdletization_queryBuilder.FilterByProperty('SettingName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters. ScriptBlock ID: 4934076f-a6ab-43b4-b6aa-ee419c7f0394 Path:	4104	1		3	2	15	0	1515	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0002-dbed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): ell.Cmdletization.MethodParameter]@{Name = 'ForceWS'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.ForceWS'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceWS'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.ForceWS'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxSynRetransmissions')) { [object]$__cmdletization_value = ${MaxSynRetransmissions} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxSynRetransmissions'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxSynRetransmissions'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AutoReusePortRangeStartPort')) { [object]$__cmdletization_value = ${AutoReusePortRangeStartPort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AutoReusePortRangeStartPort'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AutoReusePortRangeStartPort'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AutoReusePortRangeNumberOfPorts')) { [object]$__cmdletization_value = ${AutoReusePortRangeNumberOfPorts} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AutoReusePortRangeNumberOfPorts'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AutoReusePortRangeNumberOfPorts'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetTCPSetting.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetTCPSetting' -Alias '*' ScriptBlock ID: 43fa6328-4324-4510-b892-ec0526fb6305 Path:	4104	1		3	2	15	0	1514	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0002-d7ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): Name='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.NonSackRttResiliency] ${NonSackRttResiliency}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.ForceWS] ${ForceWS}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [byte] ${MaxSynRetransmissions}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint16] ${AutoReusePortRangeStartPort}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint16] ${AutoReusePortRangeNumberOfPorts}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('SettingName') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SettingName}) $__cmdletization_queryBuilder.FilterByProperty('SettingName', $__cmdletization_values, $true, 'Default') } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MinRtoMs')) { [object]$__cmdletization_value = ${MinRtoMs} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MinRto'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MinRto'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InitialCongestionWindowMss')) { [object]$__cmdletization_value = ${InitialCongestionWindowMss} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InitialCongestionWindow'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InitialCongestionWindow'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CongestionProvider')) { [object]$__cmdletization_value = ${CongestionProvider} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CongestionProvider'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.CongestionProvider'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CongestionProvider'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.CongestionProvider'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CwndRestart')) { [object]$__cmdletization_value = ${CwndRestart} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CwndRestart'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.CwndRestart'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CwndRestart'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.CwndRestart'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DelayedAckTimeoutMs')) { [object]$__cmdletization_value = ${DelayedAckTimeoutMs} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DelayedAckTimeout'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DelayedAckTimeout'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DelayedAckFrequency')) { [object]$__cmdletization_value = ${DelayedAckFrequency} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DelayedAckFrequency'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DelayedAckFrequency'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MemoryPressureProtection')) { [object]$__cmdletization_value = ${MemoryPressureProtection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MemoryPressureProtection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.MemoryPressureProtection'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MemoryPressureProtection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.MemoryPressureProtection'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AutoTuningLevelLocal')) { [object]$__cmdletization_value = ${AutoTuningLevelLocal} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AutoTuningLevelLocal'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.AutoTuningLevelLocal'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AutoTuningLevelLocal'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.AutoTuningLevelLocal'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EcnCapability')) { [object]$__cmdletization_value = ${EcnCapability} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EcnCapability'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.EcnCapability'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EcnCapability'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.EcnCapability'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Timestamps')) { [object]$__cmdletization_value = ${Timestamps} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Timestamps'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.Timestamps'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Timestamps'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.Timestamps'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InitialRtoMs')) { [object]$__cmdletization_value = ${InitialRtoMs} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InitialRto'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InitialRto'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ScalingHeuristics')) { [object]$__cmdletization_value = ${ScalingHeuristics} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScalingHeuristics'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.ScalingHeuristics'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ScalingHeuristics'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.ScalingHeuristics'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DynamicPortRangeStartPort')) { [object]$__cmdletization_value = ${DynamicPortRangeStartPort} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DynamicPortRangeStartPort'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DynamicPortRangeStartPort'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DynamicPortRangeNumberOfPorts')) { [object]$__cmdletization_value = ${DynamicPortRangeNumberOfPorts} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DynamicPortRangeNumberOfPorts'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DynamicPortRangeNumberOfPorts'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AutomaticUseCustom')) { [object]$__cmdletization_value = ${AutomaticUseCustom} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AutomaticUseCustom'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.AutomaticUseCustom'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AutomaticUseCustom'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.AutomaticUseCustom'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NonSackRttResiliency')) { [object]$__cmdletization_value = ${NonSackRttResiliency} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NonSackRttResiliency'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.NonSackRttResiliency'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NonSackRttResiliency'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.NonSackRttResiliency'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ForceWS')) { [object]$__cmdletization_value = ${ForceWS} $__cmdletization_methodParameter = [Microsoft.PowerSh ScriptBlock ID: 43fa6328-4324-4510-b892-ec0526fb6305 Path:	4104	1		3	2	15	0	1513	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0002-d7ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetTCPSetting' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetTCPSetting { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetTCPSetting')] param( [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [string[]] ${SettingName}, [Parameter(ParameterSetName='ByName')] [Alias('MinRto')] [ValidateNotNull()] [uint32[]] ${MinRtoMs}, [Parameter(ParameterSetName='ByName')] [Alias('InitialCongestionWindow')] [ValidateNotNull()] [uint32[]] ${InitialCongestionWindowMss}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.CongestionProvider[]] ${CongestionProvider}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.CwndRestart[]] ${CwndRestart}, [Parameter(ParameterSetName='ByName')] [Alias('DelayedAckTimeout')] [ValidateNotNull()] [uint32[]] ${DelayedAckTimeoutMs}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [byte[]] ${DelayedAckFrequency}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.MemoryPressureProtection[]] ${MemoryPressureProtection}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.AutoTuningLevelLocal[]] ${AutoTuningLevelLocal}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.AutoTuningLevelGroupPolicy[]] ${AutoTuningLevelGroupPolicy}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.AutoTuningLevelEffective[]] ${AutoTuningLevelEffective}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.EcnCapability[]] ${EcnCapability}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.Timestamps[]] ${Timestamps}, [Parameter(ParameterSetName='ByName')] [Alias('InitialRto')] [ValidateNotNull()] [uint32[]] ${InitialRtoMs}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.ScalingHeuristics[]] ${ScalingHeuristics}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${DynamicPortRangeStartPort}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${DynamicPortRangeNumberOfPorts}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.AutomaticUseCustom[]] ${AutomaticUseCustom}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.NonSackRttResiliency[]] ${NonSackRttResiliency}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.ForceWS[]] ${ForceWS}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [byte[]] ${MaxSynRetransmissions}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${AutoReusePortRangeStartPort}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${AutoReusePortRangeNumberOfPorts}, [Parameter(ParameterSetName='ByName', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetTransportFilter')] [ValidateNotNull()] [ciminstance] ${AssociatedTransportFilter}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('SettingName') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SettingName}) $__cmdletization_queryBuilder.FilterByProperty('SettingName', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('MinRtoMs') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MinRtoMs}) $__cmdletization_queryBuilder.FilterByProperty('MinRto', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InitialCongestionWindowMss') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InitialCongestionWindowMss}) $__cmdletization_queryBuilder.FilterByProperty('InitialCongestionWindow', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('CongestionProvider') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${CongestionProvider}) $__cmdletization_queryBuilder.FilterByProperty('CongestionProvider', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('CwndRestart') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${CwndRestart}) $__cmdletization_queryBuilder.FilterByProperty('CwndRestart', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DelayedAckTimeoutMs') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DelayedAckTimeoutMs}) $__cmdletization_queryBuilder.FilterByProperty('DelayedAckTimeout', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DelayedAckFrequency') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DelayedAckFrequency}) $__cmdletization_queryBuilder.FilterByProperty('DelayedAckFrequency', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MemoryPressureProtection') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MemoryPressureProtection}) $__cmdletization_queryBuilder.FilterByProperty('MemoryPressureProtection', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AutoTuningLevelLocal') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AutoTuningLevelLocal}) $__cmdletization_queryBuilder.FilterByProperty('AutoTuningLevelLocal', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AutoTuningLevelGroupPolicy') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AutoTuningLevelGroupPolicy}) $__cmdletization_queryBuilder.FilterByProperty('AutoTuningLevelGroupPolicy', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AutoTuningLevelEffective') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AutoTuningLevelEffective}) $__cmdletization_queryBuilder.FilterByProperty('AutoTuningLevelEffective', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EcnCapability') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EcnCapability}) $__cmdletization_queryBuilder.FilterByProperty('EcnCapability', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Timestamps') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Timestamps}) $__cmdletization_queryBuilder.FilterByProperty('Timestamps', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InitialRtoMs') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InitialRtoMs}) $__cmdletization_queryBuilder.FilterByProperty('InitialRto', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ScalingHeuristics') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ScalingHeuristics}) $__cmdletization_queryBuilder.FilterByProperty('ScalingHeuristics', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DynamicPortRangeStartPort') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DynamicPortRangeStartPort}) $__cmdletization_queryBuilder.FilterByProperty('DynamicPortRangeStartPort', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DynamicPortRangeNumberOfPorts') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DynamicPortRangeNumberOfPorts}) $__cmdletization_queryBuilder.FilterByProperty('DynamicPortRangeNumberOfPorts', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AutomaticUseCustom') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AutomaticUseCustom}) $__cmdletization_queryBuilder.FilterByProperty('AutomaticUseCustom', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('NonSackRttResiliency') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${NonSackRttResiliency}) $__cmdletization_queryBuilder.FilterByProperty('NonSackRttResiliency', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ForceWS') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForceWS}) $__cmdletization_queryBuilder.FilterByProperty('ForceWS', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MaxSynRetransmissions') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxSynRetransmissions}) $__cmdletization_queryBuilder.FilterByProperty('MaxSynRetransmissions', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AutoReusePortRangeStartPort') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AutoReusePortRangeStartPort}) $__cmdletization_queryBuilder.FilterByProperty('AutoReusePortRangeStartPort', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AutoReusePortRangeNumberOfPorts') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AutoReusePortRangeNumberOfPorts}) $__cmdletization_queryBuilder.FilterByProperty('AutoReusePortRangeNumberOfPorts', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedTransportFilter') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedTransportFilter}, 'MSFT_NetTransportFilterTCPSetting', 'Antecedent', 'Dependent', 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetTCPSetting.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetTCPSetting' -Alias '*' function Set-NetTCPSetting { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetTCPSetting')] param( [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [string[]] ${SettingName}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetTCPSetting')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('MinRto')] [uint32] ${MinRtoMs}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('InitialCongestionWindow')] [uint32] ${InitialCongestionWindowMss}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.CongestionProvider] ${CongestionProvider}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.CwndRestart] ${CwndRestart}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('DelayedAckTimeout')] [uint32] ${DelayedAckTimeoutMs}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [byte] ${DelayedAckFrequency}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.MemoryPressureProtection] ${MemoryPressureProtection}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.AutoTuningLevelLocal] ${AutoTuningLevelLocal}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.EcnCapability] ${EcnCapability}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.Timestamps] ${Timestamps}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('InitialRto')] [uint32] ${InitialRtoMs}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.ScalingHeuristics] ${ScalingHeuristics}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint16] ${DynamicPortRangeStartPort}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint16] ${DynamicPortRangeNumberOfPorts}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPSetting.AutomaticUseCustom] ${AutomaticUseCustom}, [Parameter(ParameterSet ScriptBlock ID: 43fa6328-4324-4510-b892-ec0526fb6305 Path:	4104	1		3	2	15	0	1512	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0002-d7ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetTCPConnection' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetTCPConnection { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetTCPConnection')] param( [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('IPAddress')] [ValidateNotNull()] [string[]] ${LocalAddress}, [Parameter(ParameterSetName='ByName', Position=1)] [ValidateNotNull()] [uint16[]] ${LocalPort}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [string[]] ${RemoteAddress}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${RemotePort}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPConnection.State[]] ${State}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPConnection.AppliedSetting[]] ${AppliedSetting}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${OwningProcess}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [datetime[]] ${CreationTime}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetTCPConnection.OffloadState[]] ${OffloadState}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('LocalAddress') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalAddress}) $__cmdletization_queryBuilder.FilterByProperty('LocalAddress', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('LocalPort') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LocalPort}) $__cmdletization_queryBuilder.FilterByProperty('LocalPort', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RemoteAddress') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemoteAddress}) $__cmdletization_queryBuilder.FilterByProperty('RemoteAddress', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('RemotePort') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RemotePort}) $__cmdletization_queryBuilder.FilterByProperty('RemotePort', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('State') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${State}) $__cmdletization_queryBuilder.FilterByProperty('State', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AppliedSetting') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AppliedSetting}) $__cmdletization_queryBuilder.FilterByProperty('AppliedSetting', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OwningProcess') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OwningProcess}) $__cmdletization_queryBuilder.FilterByProperty('OwningProcess', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('CreationTime') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${CreationTime}) $__cmdletization_queryBuilder.FilterByProperty('CreationTime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OffloadState') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OffloadState}) $__cmdletization_queryBuilder.FilterByProperty('OffloadState', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetTCPConnection.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetTCPConnection' -Alias '*' ScriptBlock ID: b38ffe26-afa6-4dd8-8812-f99c0cd31ef2 Path:	4104	1		3	2	15	0	1511	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0002-d4ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): ='ByName')] [ValidateNotNull()] [timespan[]] ${ValidLifetime}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [timespan[]] ${PreferredLifetime}, [Parameter(ParameterSetName='ByName', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIPInterface')] [ValidateNotNull()] [ciminstance] ${AssociatedIPInterface}, [Parameter(ParameterSetName='ByName')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [switch] ${IncludeAllCompartments}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetRoute')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('DestinationPrefix') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DestinationPrefix}) $__cmdletization_queryBuilder.FilterByProperty('DestinationPrefix', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('NextHop') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${NextHop}) $__cmdletization_queryBuilder.FilterByProperty('NextHop', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AddressFamily') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressFamily}) $__cmdletization_queryBuilder.FilterByProperty('AddressFamily', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Publish') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Publish}) $__cmdletization_queryBuilder.FilterByProperty('Publish', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RouteMetric') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RouteMetric}) $__cmdletization_queryBuilder.FilterByProperty('RouteMetric', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Protocol') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Protocol}) $__cmdletization_queryBuilder.FilterByProperty('Protocol', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('CompartmentId') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${CompartmentId}) $__cmdletization_queryBuilder.FilterByProperty('CompartmentId', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ValidLifetime') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ValidLifetime}) $__cmdletization_queryBuilder.FilterByProperty('ValidLifetime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PreferredLifetime') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PreferredLifetime}) $__cmdletization_queryBuilder.FilterByProperty('PreferredLifetime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedIPInterface') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedIPInterface}, 'MSFT_NetIPInterfaceRoute', 'Antecedent', 'Dependent', 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('IncludeAllCompartments') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeAllCompartments', ${IncludeAllCompartments}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetRoute.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetRoute' -Alias '*' ScriptBlock ID: 49f67b8e-cf5d-4950-aeb4-3fc407b17219 Path:	4104	1		3	2	15	0	1510	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0002-cded-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('DestinationPrefix') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DestinationPrefix}) $__cmdletization_queryBuilder.FilterByProperty('DestinationPrefix', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('NextHop') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${NextHop}) $__cmdletization_queryBuilder.FilterByProperty('NextHop', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AddressFamily') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressFamily}) $__cmdletization_queryBuilder.FilterByProperty('AddressFamily', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Publish') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Publish}) $__cmdletization_queryBuilder.FilterByProperty('Publish', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RouteMetric') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RouteMetric}) $__cmdletization_queryBuilder.FilterByProperty('RouteMetric', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Protocol') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Protocol}) $__cmdletization_queryBuilder.FilterByProperty('Protocol', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('CompartmentId') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${CompartmentId}) $__cmdletization_queryBuilder.FilterByProperty('CompartmentId', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ValidLifetime') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ValidLifetime}) $__cmdletization_queryBuilder.FilterByProperty('ValidLifetime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PreferredLifetime') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PreferredLifetime}) $__cmdletization_queryBuilder.FilterByProperty('PreferredLifetime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedIPInterface') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedIPInterface}, 'MSFT_NetIPInterfaceRoute', 'Antecedent', 'Dependent', 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('IncludeAllCompartments') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeAllCompartments', ${IncludeAllCompartments}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetRoute.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetRoute' -Alias '*' function Set-NetRoute { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetRoute')] param( [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [string[]] ${DestinationPrefix}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [string[]] ${NextHop}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.AddressFamily[]] ${AddressFamily}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Protocol[]] ${Protocol}, [Parameter(ParameterSetName='ByName')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [switch] ${IncludeAllCompartments}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetRoute')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Publish] ${Publish}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint16] ${RouteMetric}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [timespan] ${ValidLifetime}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [timespan] ${PreferredLifetime}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('DestinationPrefix') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DestinationPrefix}) $__cmdletization_queryBuilder.FilterByProperty('DestinationPrefix', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('NextHop') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${NextHop}) $__cmdletization_queryBuilder.FilterByProperty('NextHop', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AddressFamily') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressFamily}) $__cmdletization_queryBuilder.FilterByProperty('AddressFamily', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Protocol') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Protocol}) $__cmdletization_queryBuilder.FilterByProperty('Protocol', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('IncludeAllCompartments') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeAllCompartments', ${IncludeAllCompartments}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Publish')) { [object]$__cmdletization_value = ${Publish} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Publish'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Publish'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Publish'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Publish'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RouteMetric')) { [object]$__cmdletization_value = ${RouteMetric} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RouteMetric'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RouteMetric'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ValidLifetime')) { [object]$__cmdletization_value = ${ValidLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PreferredLifetime')) { [object]$__cmdletization_value = ${PreferredLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetRoute.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetRoute' -Alias '*' function Remove-NetRoute { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='High', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetRoute')] param( [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [string[]] ${DestinationPrefix}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [string[]] ${NextHop}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.AddressFamily[]] ${AddressFamily}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Publish[]] ${Publish}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${RouteMetric}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Protocol[]] ${Protocol}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${CompartmentId}, [Parameter(ParameterSetName ScriptBlock ID: 49f67b8e-cf5d-4950-aeb4-3fc407b17219 Path:	4104	1		3	2	15	0	1509	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0002-cded-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): lue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NextHop')) { [object]$__cmdletization_value = ${NextHop} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NextHop'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NextHop'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Publish')) { [object]$__cmdletization_value = ${Publish} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Publish'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Publish'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Publish'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Publish'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RouteMetric')) { [object]$__cmdletization_value = ${RouteMetric} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RouteMetric'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RouteMetric'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Protocol')) { [object]$__cmdletization_value = ${Protocol} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Protocol'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Protocol'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Protocol'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Protocol'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ValidLifetime')) { [object]$__cmdletization_value = ${ValidLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PreferredLifetime')) { [object]$__cmdletization_value = ${PreferredLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.UInt32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Create', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetRoute.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetRoute' -Alias '*' function Find-NetRoute { [CmdletBinding(PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])] param( [Parameter(ParameterSetName='Find0')] [uint32] ${InterfaceIndex}, [Parameter(ParameterSetName='Find0')] [string] ${LocalIPAddress}, [Parameter(ParameterSetName='Find0', Mandatory=$true)] [string] ${RemoteIPAddress}, [Parameter(ParameterSetName='Find0')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Find0')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Find0')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceIndex')) { [object]$__cmdletization_value = ${InterfaceIndex} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceIndex'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceIndex'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LocalIPAddress')) { [object]$__cmdletization_value = ${LocalIPAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalIPAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LocalIPAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RemoteIPAddress')) { [object]$__cmdletization_value = ${RemoteIPAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteIPAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RemoteIPAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.UInt32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Find', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetRoute.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Find-NetRoute' -Alias '*' function Get-NetRoute { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetRoute')] param( [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [string[]] ${DestinationPrefix}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [string[]] ${NextHop}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.AddressFamily[]] ${AddressFamily}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Publish[]] ${Publish}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint16[]] ${RouteMetric}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Protocol[]] ${Protocol}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${CompartmentId}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [timespan[]] ${ValidLifetime}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [timespan[]] ${PreferredLifetime}, [Parameter(ParameterSetName='ByName', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIPInterface')] [ValidateNotNull()] [ciminstance] ${AssociatedIPInterface}, [Parameter(ParameterSetName='ByName')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [switch] ${IncludeAllCompartments}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) ScriptBlock ID: 49f67b8e-cf5d-4950-aeb4-3fc407b17219 Path:	4104	1		3	2	15	0	1508	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0002-cded-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetRoute' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetRoute { [CmdletBinding(DefaultParameterSetName='ByInterfaceAlias', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])][OutputType([Microsoft.Management.Infrastructure.CimInstance[]])] param( [Parameter(ParameterSetName='ByInterfaceAlias', Mandatory=$true, Position=0)] [Parameter(ParameterSetName='ByInterfaceIndex', Mandatory=$true, Position=0)] [string] ${DestinationPrefix}, [Parameter(ParameterSetName='ByInterfaceAlias', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [string] ${InterfaceAlias}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.AddressFamily] ${AddressFamily}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [string] ${NextHop}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Publish] ${Publish}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [uint16] ${RouteMetric}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Protocol] ${Protocol}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [timespan] ${ValidLifetime}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [timespan] ${PreferredLifetime}, [Parameter(ParameterSetName='ByInterfaceIndex', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [uint32] ${InterfaceIndex}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByInterfaceAlias') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DestinationPrefix')) { [object]$__cmdletization_value = ${DestinationPrefix} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DestinationPrefix'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DestinationPrefix'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceAlias')) { [object]$__cmdletization_value = ${InterfaceAlias} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceAlias'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceAlias'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AddressFamily')) { [object]$__cmdletization_value = ${AddressFamily} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressFamily'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.AddressFamily'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressFamily'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.AddressFamily'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NextHop')) { [object]$__cmdletization_value = ${NextHop} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NextHop'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NextHop'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Publish')) { [object]$__cmdletization_value = ${Publish} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Publish'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Publish'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Publish'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Publish'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RouteMetric')) { [object]$__cmdletization_value = ${RouteMetric} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RouteMetric'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RouteMetric'; ParameterType = 'System.UInt16'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Protocol')) { [object]$__cmdletization_value = ${Protocol} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Protocol'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Protocol'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Protocol'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.Protocol'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ValidLifetime')) { [object]$__cmdletization_value = ${ValidLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PreferredLifetime')) { [object]$__cmdletization_value = ${PreferredLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.UInt32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Create', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } { @('ByInterfaceIndex') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DestinationPrefix')) { [object]$__cmdletization_value = ${DestinationPrefix} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DestinationPrefix'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DestinationPrefix'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceIndex')) { [object]$__cmdletization_value = ${InterfaceIndex} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceIndex'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceIndex'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AddressFamily')) { [object]$__cmdletization_value = ${AddressFamily} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressFamily'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.AddressFamily'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressFamily'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetRoute.AddressFamily'; Bindings = 'In'; Value = $__cmdletization_defaultVa ScriptBlock ID: 49f67b8e-cf5d-4950-aeb4-3fc407b17219 Path:	4104	1		3	2	15	0	1507	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0002-cded-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetPrefixPolicy' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetPrefixPolicy { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetPrefixPolicy')] param( [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [string[]] ${Prefix}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${Precedence}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${Label}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('Prefix') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Prefix}) $__cmdletization_queryBuilder.FilterByProperty('Prefix', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('Precedence') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Precedence}) $__cmdletization_queryBuilder.FilterByProperty('Precedence', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Label') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Label}) $__cmdletization_queryBuilder.FilterByProperty('Label', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetPrefixPolicy.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetPrefixPolicy' -Alias '*' ScriptBlock ID: ff49c139-f517-4871-83d6-e6b6b77a35b4 Path:	4104	1		3	2	15	0	1506	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0002-caed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 2): ; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PacketCoalescingFilter')) { [object]$__cmdletization_value = ${PacketCoalescingFilter} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PacketCoalescingFilter'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PacketCoalescingFilter'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetOffloadGlobalSetting.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetOffloadGlobalSetting' -Alias '*' ScriptBlock ID: 7a367184-99a9-4d73-9187-f81655c90e01 Path:	4104	1		3	2	15	0	1505	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0002-c6ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 2): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetOffloadGlobalSetting' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetOffloadGlobalSetting { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetOffloadGlobalSetting')] param( [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum[]] ${ReceiveSideScaling}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum[]] ${ReceiveSegmentCoalescing}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.ChimneyEnum[]] ${Chimney}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum[]] ${TaskOffload}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum[]] ${NetworkDirect}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.AllowedBlockedEnum[]] ${NetworkDirectAcrossIPSubnets}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum[]] ${PacketCoalescingFilter}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('ReceiveSideScaling') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ReceiveSideScaling}) $__cmdletization_queryBuilder.FilterByProperty('ReceiveSideScaling', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ReceiveSegmentCoalescing') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ReceiveSegmentCoalescing}) $__cmdletization_queryBuilder.FilterByProperty('ReceiveSegmentCoalescing', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Chimney') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Chimney}) $__cmdletization_queryBuilder.FilterByProperty('Chimney', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('TaskOffload') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${TaskOffload}) $__cmdletization_queryBuilder.FilterByProperty('TaskOffload', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('NetworkDirect') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${NetworkDirect}) $__cmdletization_queryBuilder.FilterByProperty('NetworkDirect', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('NetworkDirectAcrossIPSubnets') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${NetworkDirectAcrossIPSubnets}) $__cmdletization_queryBuilder.FilterByProperty('NetworkDirectAcrossIPSubnets', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PacketCoalescingFilter') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PacketCoalescingFilter}) $__cmdletization_queryBuilder.FilterByProperty('PacketCoalescingFilter', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetOffloadGlobalSetting.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetOffloadGlobalSetting' -Alias '*' function Set-NetOffloadGlobalSetting { [CmdletBinding(DefaultParameterSetName='InputObject (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetOffloadGlobalSetting')] param( [Parameter(ParameterSetName='InputObject (cdxml)', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetOffloadGlobalSetting')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum] ${ReceiveSideScaling}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum] ${ReceiveSegmentCoalescing}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.ChimneyEnum] ${Chimney}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum] ${TaskOffload}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum] ${NetworkDirect}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.AllowedBlockedEnum] ${NetworkDirectAcrossIPSubnets}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum] ${PacketCoalescingFilter}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReceiveSideScaling')) { [object]$__cmdletization_value = ${ReceiveSideScaling} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReceiveSideScaling'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReceiveSideScaling'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReceiveSegmentCoalescing')) { [object]$__cmdletization_value = ${ReceiveSegmentCoalescing} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReceiveSegmentCoalescing'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReceiveSegmentCoalescing'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Chimney')) { [object]$__cmdletization_value = ${Chimney} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Chimney'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.ChimneyEnum'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Chimney'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.ChimneyEnum'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('TaskOffload')) { [object]$__cmdletization_value = ${TaskOffload} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TaskOffload'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'TaskOffload'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NetworkDirect')) { [object]$__cmdletization_value = ${NetworkDirect} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NetworkDirect'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NetworkDirect'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.EnabledDisabledEnum'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NetworkDirectAcrossIPSubnets')) { [object]$__cmdletization_value = ${NetworkDirectAcrossIPSubnets} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NetworkDirectAcrossIPSubnets'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.AllowedBlockedEnum'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NetworkDirectAcrossIPSubnets'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetOffloadGlobalSetting.AllowedBlockedEnum' ScriptBlock ID: 7a367184-99a9-4d73-9187-f81655c90e01 Path:	4104	1		3	2	15	0	1504	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0002-c6ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPAddress') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPAddress}) $__cmdletization_queryBuilder.FilterByProperty('IPAddress', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('LinkLayerAddress') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LinkLayerAddress}) $__cmdletization_queryBuilder.FilterByProperty('LinkLayerAddress', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('State') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${State}) $__cmdletization_queryBuilder.FilterByProperty('State', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AddressFamily') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressFamily}) $__cmdletization_queryBuilder.FilterByProperty('AddressFamily', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedIPInterface') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedIPInterface}, 'MSFT_NetIPInterfaceNeighbor', 'Antecedent', 'Dependent', 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('IncludeAllCompartments') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeAllCompartments', ${IncludeAllCompartments}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetNeighbor.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetNeighbor' -Alias '*' ScriptBlock ID: a9a87e4e-e99b-4e3b-b83d-7fb4db44a965 Path:	4104	1		3	2	15	0	1503	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0002-c0ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetNeighbor.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetNeighbor' -Alias '*' function Set-NetNeighbor { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetNeighbor')] param( [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [string[]] ${IPAddress}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.State[]] ${State}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.AddressFamily[]] ${AddressFamily}, [Parameter(ParameterSetName='ByName')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [switch] ${IncludeAllCompartments}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetNeighbor')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [string] ${LinkLayerAddress}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPAddress') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPAddress}) $__cmdletization_queryBuilder.FilterByProperty('IPAddress', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('State') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${State}) $__cmdletization_queryBuilder.FilterByProperty('State', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AddressFamily') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressFamily}) $__cmdletization_queryBuilder.FilterByProperty('AddressFamily', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('IncludeAllCompartments') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeAllCompartments', ${IncludeAllCompartments}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LinkLayerAddress')) { [object]$__cmdletization_value = ${LinkLayerAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LinkLayerAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LinkLayerAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetNeighbor.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetNeighbor' -Alias '*' function Remove-NetNeighbor { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='High', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetNeighbor')] param( [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [string[]] ${IPAddress}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [string[]] ${LinkLayerAddress}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.State[]] ${State}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.AddressFamily[]] ${AddressFamily}, [Parameter(ParameterSetName='ByName', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIPInterface')] [ValidateNotNull()] [ciminstance] ${AssociatedIPInterface}, [Parameter(ParameterSetName='ByName')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [switch] ${IncludeAllCompartments}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetNeighbor')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__ ScriptBlock ID: a9a87e4e-e99b-4e3b-b83d-7fb4db44a965 Path:	4104	1		3	2	15	0	1502	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0002-c0ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): tization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceIndex')) { [object]$__cmdletization_value = ${InterfaceIndex} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceIndex'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceIndex'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LinkLayerAddress')) { [object]$__cmdletization_value = ${LinkLayerAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LinkLayerAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LinkLayerAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('State')) { [object]$__cmdletization_value = ${State} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'State'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.State'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'State'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.State'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AddressFamily')) { [object]$__cmdletization_value = ${AddressFamily} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressFamily'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.AddressFamily'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressFamily'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.AddressFamily'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.UInt32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Create', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetNeighbor.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetNeighbor' -Alias '*' function Get-NetNeighbor { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetNeighbor')] param( [Parameter(ParameterSetName='ByName', Position=0)] [ValidateNotNull()] [string[]] ${IPAddress}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [string[]] ${LinkLayerAddress}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.State[]] ${State}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.AddressFamily[]] ${AddressFamily}, [Parameter(ParameterSetName='ByName', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIPInterface')] [ValidateNotNull()] [ciminstance] ${AssociatedIPInterface}, [Parameter(ParameterSetName='ByName')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [switch] ${IncludeAllCompartments}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPAddress') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPAddress}) $__cmdletization_queryBuilder.FilterByProperty('IPAddress', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('LinkLayerAddress') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${LinkLayerAddress}) $__cmdletization_queryBuilder.FilterByProperty('LinkLayerAddress', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('State') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${State}) $__cmdletization_queryBuilder.FilterByProperty('State', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AddressFamily') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressFamily}) $__cmdletization_queryBuilder.FilterByProperty('AddressFamily', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedIPInterface') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedIPInterface}, 'MSFT_NetIPInterfaceNeighbor', 'Antecedent', 'Dependent', 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('IncludeAllCompartments') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeAllCompartments', ${IncludeAllCompartments}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__ ScriptBlock ID: a9a87e4e-e99b-4e3b-b83d-7fb4db44a965 Path:	4104	1		3	2	15	0	1501	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0002-c0ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetNeighbor' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetNeighbor { [CmdletBinding(DefaultParameterSetName='ByInterfaceAlias', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])][OutputType([Microsoft.Management.Infrastructure.CimInstance[]])] param( [Parameter(ParameterSetName='ByInterfaceAlias', Mandatory=$true, Position=0)] [Parameter(ParameterSetName='ByInterfaceIndex', Mandatory=$true, Position=0)] [string] ${IPAddress}, [Parameter(ParameterSetName='ByInterfaceAlias', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [string] ${InterfaceAlias}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [string] ${LinkLayerAddress}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.State] ${State}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.AddressFamily] ${AddressFamily}, [Parameter(ParameterSetName='ByInterfaceIndex', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [uint32] ${InterfaceIndex}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByInterfaceAlias') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPAddress')) { [object]$__cmdletization_value = ${IPAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceAlias')) { [object]$__cmdletization_value = ${InterfaceAlias} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceAlias'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceAlias'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('LinkLayerAddress')) { [object]$__cmdletization_value = ${LinkLayerAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LinkLayerAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'LinkLayerAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('State')) { [object]$__cmdletization_value = ${State} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'State'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.State'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'State'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.State'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AddressFamily')) { [object]$__cmdletization_value = ${AddressFamily} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressFamily'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.AddressFamily'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressFamily'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetNeighbor.AddressFamily'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.UInt32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Create', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } { @('ByInterfaceIndex') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPAddress')) { [object]$__cmdletization_value = ${IPAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdle ScriptBlock ID: a9a87e4e-e99b-4e3b-b83d-7fb4db44a965 Path:	4104	1		3	2	15	0	1500	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0002-c0ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): on_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('UseTemporaryAddresses')) { [object]$__cmdletization_value = ${UseTemporaryAddresses} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UseTemporaryAddresses'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.UseTemporaryAddresses'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'UseTemporaryAddresses'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.UseTemporaryAddresses'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxTemporaryDadAttempts')) { [object]$__cmdletization_value = ${MaxTemporaryDadAttempts} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxDadAttempts'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxDadAttempts'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxTemporaryValidLifetime')) { [object]$__cmdletization_value = ${MaxTemporaryValidLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxTemporaryPreferredLifetime')) { [object]$__cmdletization_value = ${MaxTemporaryPreferredLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxPreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxPreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('TemporaryRegenerateTime')) { [object]$__cmdletization_value = ${TemporaryRegenerateTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegenerateTime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RegenerateTime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MaxTemporaryDesyncTime')) { [object]$__cmdletization_value = ${MaxTemporaryDesyncTime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxRandomTime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MaxRandomTime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetIPv6Protocol.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPv6Protocol' -Alias '*' ScriptBlock ID: e1dd8a12-bf69-47f2-94b4-aa92c44ad905 Path:	4104	1		3	2	15	0	1499	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0002-bced-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): dletization.GeneratedTypes.NetIPv6Protocol.UseTemporaryAddresses] ${UseTemporaryAddresses}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('MaxDadAttempts')] [uint32] ${MaxTemporaryDadAttempts}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('MaxValidLifetime')] [timespan] ${MaxTemporaryValidLifetime}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('MaxPreferredLifetime')] [timespan] ${MaxTemporaryPreferredLifetime}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('RegenerateTime')] [timespan] ${TemporaryRegenerateTime}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('MaxRandomTime')] [timespan] ${MaxTemporaryDesyncTime}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefaultHopLimit')) { [object]$__cmdletization_value = ${DefaultHopLimit} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultHopLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultHopLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NeighborCacheLimitEntries')) { [object]$__cmdletization_value = ${NeighborCacheLimitEntries} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NeighborCacheLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NeighborCacheLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RouteCacheLimitEntries')) { [object]$__cmdletization_value = ${RouteCacheLimitEntries} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RouteCacheLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RouteCacheLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReassemblyLimitBytes')) { [object]$__cmdletization_value = ${ReassemblyLimitBytes} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReassemblyLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReassemblyLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IcmpRedirects')) { [object]$__cmdletization_value = ${IcmpRedirects} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpRedirects'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.IcmpRedirects'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpRedirects'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.IcmpRedirects'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SourceRoutingBehavior')) { [object]$__cmdletization_value = ${SourceRoutingBehavior} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SourceRoutingBehavior'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.SourceRoutingBehavior'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SourceRoutingBehavior'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.SourceRoutingBehavior'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DhcpMediaSense')) { [object]$__cmdletization_value = ${DhcpMediaSense} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DhcpMediaSense'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.DhcpMediaSense'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DhcpMediaSense'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.DhcpMediaSense'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MediaSenseEventLog')) { [object]$__cmdletization_value = ${MediaSenseEventLog} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MediaSenseEventLog'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MediaSenseEventLog'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MediaSenseEventLog'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MediaSenseEventLog'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MldLevel')) { [object]$__cmdletization_value = ${MldLevel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MldLevel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MldLevel'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MldLevel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MldLevel'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MldVersion')) { [object]$__cmdletization_value = ${MldVersion} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MldVersion'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MldVersion'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MldVersion'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MldVersion'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MulticastForwarding')) { [object]$__cmdletization_value = ${MulticastForwarding} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MulticastForwarding'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MulticastForwarding'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MulticastForwarding'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MulticastForwarding'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GroupForwardedFragments')) { [object]$__cmdletization_value = ${GroupForwardedFragments} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GroupForwardedFragments'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.GroupForwardedFragments'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GroupForwardedFragments'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.GroupForwardedFragments'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RandomizeIdentifiers')) { [object]$__cmdletization_value = ${RandomizeIdentifiers} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RandomizeIdentifiers'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.RandomizeIdentifiers'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RandomizeIdentifiers'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.RandomizeIdentifiers'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AddressMaskReply')) { [object]$__cmdletization_value = ${AddressMaskReply} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressMaskReply'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.AddressMaskReply'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressMaskReply'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.AddressMaskReply'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletizati ScriptBlock ID: e1dd8a12-bf69-47f2-94b4-aa92c44ad905 Path:	4104	1		3	2	15	0	1498	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0002-bced-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetIPv6Protocol' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetIPv6Protocol { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetIPv6Protocol')] param( [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${DefaultHopLimit}, [Parameter(ParameterSetName='ByName')] [Alias('NeighborCacheLimit')] [ValidateNotNull()] [uint32[]] ${NeighborCacheLimitEntries}, [Parameter(ParameterSetName='ByName')] [Alias('RouteCacheLimit')] [ValidateNotNull()] [uint32[]] ${RouteCacheLimitEntries}, [Parameter(ParameterSetName='ByName')] [Alias('ReassemblyLimit')] [ValidateNotNull()] [uint32[]] ${ReassemblyLimitBytes}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.IcmpRedirects[]] ${IcmpRedirects}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.SourceRoutingBehavior[]] ${SourceRoutingBehavior}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.DhcpMediaSense[]] ${DhcpMediaSense}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MediaSenseEventLog[]] ${MediaSenseEventLog}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MldLevel[]] ${MldLevel}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MldVersion[]] ${MldVersion}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MulticastForwarding[]] ${MulticastForwarding}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.GroupForwardedFragments[]] ${GroupForwardedFragments}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.RandomizeIdentifiers[]] ${RandomizeIdentifiers}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.AddressMaskReply[]] ${AddressMaskReply}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.UseTemporaryAddresses[]] ${UseTemporaryAddresses}, [Parameter(ParameterSetName='ByName')] [Alias('MaxDadAttempts')] [ValidateNotNull()] [uint32[]] ${MaxTemporaryDadAttempts}, [Parameter(ParameterSetName='ByName')] [Alias('MaxValidLifetime')] [ValidateNotNull()] [timespan[]] ${MaxTemporaryValidLifetime}, [Parameter(ParameterSetName='ByName')] [Alias('MaxPreferredLifetime')] [ValidateNotNull()] [timespan[]] ${MaxTemporaryPreferredLifetime}, [Parameter(ParameterSetName='ByName')] [Alias('RegenerateTime')] [ValidateNotNull()] [timespan[]] ${TemporaryRegenerateTime}, [Parameter(ParameterSetName='ByName')] [Alias('MaxRandomTime')] [ValidateNotNull()] [timespan[]] ${MaxTemporaryDesyncTime}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('DefaultHopLimit') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DefaultHopLimit}) $__cmdletization_queryBuilder.FilterByProperty('DefaultHopLimit', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('NeighborCacheLimitEntries') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${NeighborCacheLimitEntries}) $__cmdletization_queryBuilder.FilterByProperty('NeighborCacheLimit', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RouteCacheLimitEntries') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RouteCacheLimitEntries}) $__cmdletization_queryBuilder.FilterByProperty('RouteCacheLimit', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ReassemblyLimitBytes') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ReassemblyLimitBytes}) $__cmdletization_queryBuilder.FilterByProperty('ReassemblyLimit', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IcmpRedirects') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IcmpRedirects}) $__cmdletization_queryBuilder.FilterByProperty('IcmpRedirects', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('SourceRoutingBehavior') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SourceRoutingBehavior}) $__cmdletization_queryBuilder.FilterByProperty('SourceRoutingBehavior', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DhcpMediaSense') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DhcpMediaSense}) $__cmdletization_queryBuilder.FilterByProperty('DhcpMediaSense', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MediaSenseEventLog') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MediaSenseEventLog}) $__cmdletization_queryBuilder.FilterByProperty('MediaSenseEventLog', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MldLevel') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MldLevel}) $__cmdletization_queryBuilder.FilterByProperty('MldLevel', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MldVersion') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MldVersion}) $__cmdletization_queryBuilder.FilterByProperty('MldVersion', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MulticastForwarding') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MulticastForwarding}) $__cmdletization_queryBuilder.FilterByProperty('MulticastForwarding', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('GroupForwardedFragments') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${GroupForwardedFragments}) $__cmdletization_queryBuilder.FilterByProperty('GroupForwardedFragments', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RandomizeIdentifiers') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RandomizeIdentifiers}) $__cmdletization_queryBuilder.FilterByProperty('RandomizeIdentifiers', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AddressMaskReply') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressMaskReply}) $__cmdletization_queryBuilder.FilterByProperty('AddressMaskReply', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('UseTemporaryAddresses') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${UseTemporaryAddresses}) $__cmdletization_queryBuilder.FilterByProperty('UseTemporaryAddresses', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MaxTemporaryDadAttempts') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxTemporaryDadAttempts}) $__cmdletization_queryBuilder.FilterByProperty('MaxDadAttempts', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MaxTemporaryValidLifetime') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxTemporaryValidLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxValidLifetime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MaxTemporaryPreferredLifetime') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxTemporaryPreferredLifetime}) $__cmdletization_queryBuilder.FilterByProperty('MaxPreferredLifetime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('TemporaryRegenerateTime') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${TemporaryRegenerateTime}) $__cmdletization_queryBuilder.FilterByProperty('RegenerateTime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MaxTemporaryDesyncTime') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MaxTemporaryDesyncTime}) $__cmdletization_queryBuilder.FilterByProperty('MaxRandomTime', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetIPv6Protocol.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPv6Protocol' -Alias '*' function Set-NetIPv6Protocol { [CmdletBinding(DefaultParameterSetName='InputObject (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetIPv6Protocol')] param( [Parameter(ParameterSetName='InputObject (cdxml)', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIPv6Protocol')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${DefaultHopLimit}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('NeighborCacheLimit')] [uint32] ${NeighborCacheLimitEntries}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('RouteCacheLimit')] [uint32] ${RouteCacheLimitEntries}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('ReassemblyLimit')] [uint32] ${ReassemblyLimitBytes}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.IcmpRedirects] ${IcmpRedirects}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.SourceRoutingBehavior] ${SourceRoutingBehavior}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.DhcpMediaSense] ${DhcpMediaSense}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MediaSenseEventLog] ${MediaSenseEventLog}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MldLevel] ${MldLevel}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MldVersion] ${MldVersion}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.MulticastForwarding] ${MulticastForwarding}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.GroupForwardedFragments] ${GroupForwardedFragments}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.RandomizeIdentifiers] ${RandomizeIdentifiers}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv6Protocol.AddressMaskReply] ${AddressMaskReply}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cm ScriptBlock ID: e1dd8a12-bf69-47f2-94b4-aa92c44ad905 Path:	4104	1		3	2	15	0	1497	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0002-bced-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): ameter]@{Name = 'DhcpMediaSense'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.DhcpMediaSense'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DhcpMediaSense'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.DhcpMediaSense'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MediaSenseEventLog')) { [object]$__cmdletization_value = ${MediaSenseEventLog} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MediaSenseEventLog'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MediaSenseEventLog'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MediaSenseEventLog'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MediaSenseEventLog'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IGMPLevel')) { [object]$__cmdletization_value = ${IGMPLevel} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MldLevel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MldLevel'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MldLevel'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MldLevel'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IGMPVersion')) { [object]$__cmdletization_value = ${IGMPVersion} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MldVersion'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MldVersion'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MldVersion'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MldVersion'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MulticastForwarding')) { [object]$__cmdletization_value = ${MulticastForwarding} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MulticastForwarding'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MulticastForwarding'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MulticastForwarding'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MulticastForwarding'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('GroupForwardedFragments')) { [object]$__cmdletization_value = ${GroupForwardedFragments} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GroupForwardedFragments'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.GroupForwardedFragments'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'GroupForwardedFragments'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.GroupForwardedFragments'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RandomizeIdentifiers')) { [object]$__cmdletization_value = ${RandomizeIdentifiers} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RandomizeIdentifiers'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.RandomizeIdentifiers'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RandomizeIdentifiers'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.RandomizeIdentifiers'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AddressMaskReply')) { [object]$__cmdletization_value = ${AddressMaskReply} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressMaskReply'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.AddressMaskReply'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressMaskReply'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.AddressMaskReply'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('MinimumMtu')) { [object]$__cmdletization_value = ${MinimumMtu} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MinimumMtu'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'MinimumMtu'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetIPv4Protocol.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPv4Protocol' -Alias '*' ScriptBlock ID: 97ff4d0a-7f97-486b-9ea9-73433a7b42d6 Path:	4104	1		3	2	15	0	1496	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0003-d7ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): l-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPv4Protocol' -Alias '*' function Set-NetIPv4Protocol { [CmdletBinding(DefaultParameterSetName='InputObject (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetIPv4Protocol')] param( [Parameter(ParameterSetName='InputObject (cdxml)', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIPv4Protocol')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${DefaultHopLimit}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('NeighborCacheLimit')] [uint32] ${NeighborCacheLimitEntries}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('RouteCacheLimit')] [uint32] ${RouteCacheLimitEntries}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('ReassemblyLimit')] [uint32] ${ReassemblyLimitBytes}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.IcmpRedirects] ${IcmpRedirects}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.SourceRoutingBehavior] ${SourceRoutingBehavior}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.DhcpMediaSense] ${DhcpMediaSense}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MediaSenseEventLog] ${MediaSenseEventLog}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('MldLevel')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MldLevel] ${IGMPLevel}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('MldVersion')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MldVersion] ${IGMPVersion}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MulticastForwarding] ${MulticastForwarding}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.GroupForwardedFragments] ${GroupForwardedFragments}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.RandomizeIdentifiers] ${RandomizeIdentifiers}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.AddressMaskReply] ${AddressMaskReply}, [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${MinimumMtu}, [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefaultHopLimit')) { [object]$__cmdletization_value = ${DefaultHopLimit} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultHopLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultHopLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NeighborCacheLimitEntries')) { [object]$__cmdletization_value = ${NeighborCacheLimitEntries} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NeighborCacheLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NeighborCacheLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RouteCacheLimitEntries')) { [object]$__cmdletization_value = ${RouteCacheLimitEntries} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RouteCacheLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RouteCacheLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ReassemblyLimitBytes')) { [object]$__cmdletization_value = ${ReassemblyLimitBytes} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReassemblyLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ReassemblyLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IcmpRedirects')) { [object]$__cmdletization_value = ${IcmpRedirects} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpRedirects'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.IcmpRedirects'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IcmpRedirects'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.IcmpRedirects'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SourceRoutingBehavior')) { [object]$__cmdletization_value = ${SourceRoutingBehavior} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SourceRoutingBehavior'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.SourceRoutingBehavior'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SourceRoutingBehavior'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.SourceRoutingBehavior'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DhcpMediaSense')) { [object]$__cmdletization_value = ${DhcpMediaSense} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodPar ScriptBlock ID: 97ff4d0a-7f97-486b-9ea9-73433a7b42d6 Path:	4104	1		3	2	15	0	1495	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0003-d7ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetIPv4Protocol' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetIPv4Protocol { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetIPv4Protocol')] param( [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${DefaultHopLimit}, [Parameter(ParameterSetName='ByName')] [Alias('NeighborCacheLimit')] [ValidateNotNull()] [uint32[]] ${NeighborCacheLimitEntries}, [Parameter(ParameterSetName='ByName')] [Alias('RouteCacheLimit')] [ValidateNotNull()] [uint32[]] ${RouteCacheLimitEntries}, [Parameter(ParameterSetName='ByName')] [Alias('ReassemblyLimit')] [ValidateNotNull()] [uint32[]] ${ReassemblyLimitBytes}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.IcmpRedirects[]] ${IcmpRedirects}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.SourceRoutingBehavior[]] ${SourceRoutingBehavior}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.DhcpMediaSense[]] ${DhcpMediaSense}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MediaSenseEventLog[]] ${MediaSenseEventLog}, [Parameter(ParameterSetName='ByName')] [Alias('MldLevel')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MldLevel[]] ${IGMPLevel}, [Parameter(ParameterSetName='ByName')] [Alias('MldVersion')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MldVersion[]] ${IGMPVersion}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.MulticastForwarding[]] ${MulticastForwarding}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.GroupForwardedFragments[]] ${GroupForwardedFragments}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.RandomizeIdentifiers[]] ${RandomizeIdentifiers}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPv4Protocol.AddressMaskReply[]] ${AddressMaskReply}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${MinimumMtu}, [Parameter(ParameterSetName='ByName')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('DefaultHopLimit') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DefaultHopLimit}) $__cmdletization_queryBuilder.FilterByProperty('DefaultHopLimit', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('NeighborCacheLimitEntries') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${NeighborCacheLimitEntries}) $__cmdletization_queryBuilder.FilterByProperty('NeighborCacheLimit', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RouteCacheLimitEntries') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RouteCacheLimitEntries}) $__cmdletization_queryBuilder.FilterByProperty('RouteCacheLimit', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ReassemblyLimitBytes') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ReassemblyLimitBytes}) $__cmdletization_queryBuilder.FilterByProperty('ReassemblyLimit', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IcmpRedirects') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IcmpRedirects}) $__cmdletization_queryBuilder.FilterByProperty('IcmpRedirects', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('SourceRoutingBehavior') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SourceRoutingBehavior}) $__cmdletization_queryBuilder.FilterByProperty('SourceRoutingBehavior', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DhcpMediaSense') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DhcpMediaSense}) $__cmdletization_queryBuilder.FilterByProperty('DhcpMediaSense', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MediaSenseEventLog') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MediaSenseEventLog}) $__cmdletization_queryBuilder.FilterByProperty('MediaSenseEventLog', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IGMPLevel') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IGMPLevel}) $__cmdletization_queryBuilder.FilterByProperty('MldLevel', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IGMPVersion') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IGMPVersion}) $__cmdletization_queryBuilder.FilterByProperty('MldVersion', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MulticastForwarding') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MulticastForwarding}) $__cmdletization_queryBuilder.FilterByProperty('MulticastForwarding', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('GroupForwardedFragments') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${GroupForwardedFragments}) $__cmdletization_queryBuilder.FilterByProperty('GroupForwardedFragments', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RandomizeIdentifiers') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RandomizeIdentifiers}) $__cmdletization_queryBuilder.FilterByProperty('RandomizeIdentifiers', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AddressMaskReply') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressMaskReply}) $__cmdletization_queryBuilder.FilterByProperty('AddressMaskReply', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('MinimumMtu') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${MinimumMtu}) $__cmdletization_queryBuilder.FilterByProperty('MinimumMtu', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetIPv4Protocol.cdxm ScriptBlock ID: 97ff4d0a-7f97-486b-9ea9-73433a7b42d6 Path:	4104	1		3	2	15	0	1494	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:25 PM	1909dffc-a75a-0003-d7ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): ($PSBoundParameters.ContainsKey('WeakHostReceive')) { [object]$__cmdletization_value = ${WeakHostReceive} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WeakHostReceive'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.WeakHostReceive'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WeakHostReceive'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.WeakHostReceive'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IgnoreDefaultRoutes')) { [object]$__cmdletization_value = ${IgnoreDefaultRoutes} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IgnoreDefaultRoutes'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.IgnoreDefaultRoutes'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IgnoreDefaultRoutes'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.IgnoreDefaultRoutes'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AdvertisedRouterLifetime')) { [object]$__cmdletization_value = ${AdvertisedRouterLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AdvertisedRouterLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AdvertisedRouterLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AdvertiseDefaultRoute')) { [object]$__cmdletization_value = ${AdvertiseDefaultRoute} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AdvertiseDefaultRoute'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.AdvertiseDefaultRoute'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AdvertiseDefaultRoute'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.AdvertiseDefaultRoute'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('CurrentHopLimit')) { [object]$__cmdletization_value = ${CurrentHopLimit} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CurrentHopLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CurrentHopLimit'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ForceArpNdWolPattern')) { [object]$__cmdletization_value = ${ForceArpNdWolPattern} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceArpNdWolPattern'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ForceArpNdWolPattern'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ForceArpNdWolPattern'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ForceArpNdWolPattern'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DirectedMacWolPattern')) { [object]$__cmdletization_value = ${DirectedMacWolPattern} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DirectedMacWolPattern'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.DirectedMacWolPattern'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DirectedMacWolPattern'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.DirectedMacWolPattern'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('EcnMarking')) { [object]$__cmdletization_value = ${EcnMarking} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EcnMarking'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.EcnMarking'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'EcnMarking'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.EcnMarking'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Dhcp')) { [object]$__cmdletization_value = ${Dhcp} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Dhcp'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.Dhcp'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Dhcp'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.Dhcp'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AutomaticMetric')) { [object]$__cmdletization_value = ${AutomaticMetric} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AutomaticMetric'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.AutomaticMetric'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AutomaticMetric'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.AutomaticMetric'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetIPInterface.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPInterface' -Alias '*' ScriptBlock ID: 7c692b18-729a-499b-b742-7ae84e86264b Path:	4104	1		3	2	15	0	1493	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:24 PM	1909dffc-a75a-0002-b8ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AddressFamily') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressFamily}) $__cmdletization_queryBuilder.FilterByProperty('AddressFamily', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ReachableTime') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ReachableTime}) $__cmdletization_queryBuilder.FilterByProperty('ReachableTime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('NeighborDiscoverySupported') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${NeighborDiscoverySupported}) $__cmdletization_queryBuilder.FilterByProperty('NeighborDiscoverySupported', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('CompartmentId') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${CompartmentId}) $__cmdletization_queryBuilder.FilterByProperty('CompartmentId', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('IncludeAllCompartments') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeAllCompartments', ${IncludeAllCompartments}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByName', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Forwarding')) { [object]$__cmdletization_value = ${Forwarding} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Forwarding'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.Forwarding'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Forwarding'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.Forwarding'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ClampMss')) { [object]$__cmdletization_value = ${ClampMss} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ClampMss'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ClampMss'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ClampMss'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ClampMss'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Advertising')) { [object]$__cmdletization_value = ${Advertising} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Advertising'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.Advertising'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Advertising'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.Advertising'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NlMtuBytes')) { [object]$__cmdletization_value = ${NlMtuBytes} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NlMtu'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NlMtu'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceMetric')) { [object]$__cmdletization_value = ${InterfaceMetric} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceMetric'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceMetric'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('NeighborUnreachabilityDetection')) { [object]$__cmdletization_value = ${NeighborUnreachabilityDetection} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NeighborUnreachabilityDetection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.NeighborUnreachabilityDetection'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'NeighborUnreachabilityDetection'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.NeighborUnreachabilityDetection'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('BaseReachableTimeMs')) { [object]$__cmdletization_value = ${BaseReachableTimeMs} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BaseReachableTime'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'BaseReachableTime'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RetransmitTimeMs')) { [object]$__cmdletization_value = ${RetransmitTimeMs} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RetransmitTime'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RetransmitTime'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DadTransmits')) { [object]$__cmdletization_value = ${DadTransmits} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DadTransmits'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DadTransmits'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DadRetransmitTimeMs')) { [object]$__cmdletization_value = ${DadRetransmitTimeMs} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DadRetransmitTime'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DadRetransmitTime'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('RouterDiscovery')) { [object]$__cmdletization_value = ${RouterDiscovery} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RouterDiscovery'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.RouterDiscovery'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'RouterDiscovery'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.RouterDiscovery'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ManagedAddressConfiguration')) { [object]$__cmdletization_value = ${ManagedAddressConfiguration} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ManagedAddressConfiguration'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ManagedAddressConfiguration'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ManagedAddressConfiguration'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ManagedAddressConfiguration'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('OtherStatefulConfiguration')) { [object]$__cmdletization_value = ${OtherStatefulConfiguration} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'OtherStatefulConfiguration'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.OtherStatefulConfiguration'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'OtherStatefulConfiguration'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.OtherStatefulConfiguration'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('WeakHostSend')) { [object]$__cmdletization_value = ${WeakHostSend} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WeakHostSend'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.WeakHostSend'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'WeakHostSend'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.WeakHostSend'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ScriptBlock ID: 7c692b18-729a-499b-b742-7ae84e86264b Path:	4104	1		3	2	15	0	1492	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:24 PM	1909dffc-a75a-0002-b8ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): ulConfiguration', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('WeakHostSend') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${WeakHostSend}) $__cmdletization_queryBuilder.FilterByProperty('WeakHostSend', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('WeakHostReceive') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${WeakHostReceive}) $__cmdletization_queryBuilder.FilterByProperty('WeakHostReceive', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('IgnoreDefaultRoutes') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IgnoreDefaultRoutes}) $__cmdletization_queryBuilder.FilterByProperty('IgnoreDefaultRoutes', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AdvertisedRouterLifetime') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AdvertisedRouterLifetime}) $__cmdletization_queryBuilder.FilterByProperty('AdvertisedRouterLifetime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AdvertiseDefaultRoute') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AdvertiseDefaultRoute}) $__cmdletization_queryBuilder.FilterByProperty('AdvertiseDefaultRoute', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('CurrentHopLimit') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${CurrentHopLimit}) $__cmdletization_queryBuilder.FilterByProperty('CurrentHopLimit', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ForceArpNdWolPattern') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ForceArpNdWolPattern}) $__cmdletization_queryBuilder.FilterByProperty('ForceArpNdWolPattern', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DirectedMacWolPattern') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DirectedMacWolPattern}) $__cmdletization_queryBuilder.FilterByProperty('DirectedMacWolPattern', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('EcnMarking') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${EcnMarking}) $__cmdletization_queryBuilder.FilterByProperty('EcnMarking', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Dhcp') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Dhcp}) $__cmdletization_queryBuilder.FilterByProperty('Dhcp', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ConnectionState') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ConnectionState}) $__cmdletization_queryBuilder.FilterByProperty('ConnectionState', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AutomaticMetric') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AutomaticMetric}) $__cmdletization_queryBuilder.FilterByProperty('AutomaticMetric', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('NeighborDiscoverySupported') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${NeighborDiscoverySupported}) $__cmdletization_queryBuilder.FilterByProperty('NeighborDiscoverySupported', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('CompartmentId') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${CompartmentId}) $__cmdletization_queryBuilder.FilterByProperty('CompartmentId', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedRoute') -and (@('ByRoute') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedRoute}, 'MSFT_NetIPInterfaceRoute', 'Dependent', 'Antecedent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedIPAddress') -and (@('ByIPAddress') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedIPAddress}, 'MSFT_NetIPInterfaceIPAddress', 'Dependent', 'Antecedent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedNeighbor') -and (@('ByNeighbor') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedNeighbor}, 'MSFT_NetIPInterfaceNeighbor', 'Dependent', 'Antecedent', 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedAdapter') -and (@('ByAdapter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedAdapter}, 'MSFT_NetIPInterfaceAdapter', 'Dependent', 'Antecedent', 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('IncludeAllCompartments') -and (@('ByName', 'ByRoute', 'ByIPAddress', 'ByNeighbor', 'ByAdapter') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeAllCompartments', ${IncludeAllCompartments}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetIPInterface.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPInterface' -Alias '*' function Set-NetIPInterface { [CmdletBinding(DefaultParameterSetName='ByName', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetIPInterface')] param( [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.AddressFamily[]] ${AddressFamily}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${ReachableTime}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.NeighborDiscoverySupported[]] ${NeighborDiscoverySupported}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${CompartmentId}, [Parameter(ParameterSetName='ByName')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [switch] ${IncludeAllCompartments}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIPInterface')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.Forwarding] ${Forwarding}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ClampMss] ${ClampMss}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.Advertising] ${Advertising}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${NlMtuBytes}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${InterfaceMetric}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.NeighborUnreachabilityDetection] ${NeighborUnreachabilityDetection}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('BaseReachableTime')] [uint32] ${BaseReachableTimeMs}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('RetransmitTime')] [uint32] ${RetransmitTimeMs}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${DadTransmits}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('DadRetransmitTime')] [uint32] ${DadRetransmitTimeMs}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.RouterDiscovery] ${RouterDiscovery}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ManagedAddressConfiguration] ${ManagedAddressConfiguration}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.OtherStatefulConfiguration] ${OtherStatefulConfiguration}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.WeakHostSend] ${WeakHostSend}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.WeakHostReceive] ${WeakHostReceive}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.IgnoreDefaultRoutes] ${IgnoreDefaultRoutes}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [timespan] ${AdvertisedRouterLifetime}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.AdvertiseDefaultRoute] ${AdvertiseDefaultRoute}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [uint32] ${CurrentHopLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ForceArpNdWolPattern] ${ForceArpNdWolPattern}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.DirectedMacWolPattern] ${DirectedMacWolPattern}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.EcnMarking] ${EcnMarking}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.Dhcp] ${Dhcp}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.AutomaticMetric] ${AutomaticMetric}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) ScriptBlock ID: 7c692b18-729a-499b-b742-7ae84e86264b Path:	4104	1		3	2	15	0	1491	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:24 PM	1909dffc-a75a-0002-b8ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetIPInterface' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetIPInterface { [CmdletBinding(DefaultParameterSetName='ByName', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetIPInterface')] param( [Parameter(ParameterSetName='ByName', ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='ByName', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.AddressFamily[]] ${AddressFamily}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.Forwarding[]] ${Forwarding}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ClampMss[]] ${ClampMss}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.Advertising[]] ${Advertising}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${NlMtuBytes}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${InterfaceMetric}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.NeighborUnreachabilityDetection[]] ${NeighborUnreachabilityDetection}, [Parameter(ParameterSetName='ByName')] [Alias('BaseReachableTime')] [ValidateNotNull()] [uint32[]] ${BaseReachableTimeMs}, [Parameter(ParameterSetName='ByName')] [Alias('ReachableTime')] [ValidateNotNull()] [uint32[]] ${ReachableTimeMs}, [Parameter(ParameterSetName='ByName')] [Alias('RetransmitTime')] [ValidateNotNull()] [uint32[]] ${RetransmitTimeMs}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${DadTransmits}, [Parameter(ParameterSetName='ByName')] [Alias('DadRetransmitTime')] [ValidateNotNull()] [uint32[]] ${DadRetransmitTimeMs}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.RouterDiscovery[]] ${RouterDiscovery}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ManagedAddressConfiguration[]] ${ManagedAddressConfiguration}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.OtherStatefulConfiguration[]] ${OtherStatefulConfiguration}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.WeakHostSend[]] ${WeakHostSend}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.WeakHostReceive[]] ${WeakHostReceive}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.IgnoreDefaultRoutes[]] ${IgnoreDefaultRoutes}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [timespan[]] ${AdvertisedRouterLifetime}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.AdvertiseDefaultRoute[]] ${AdvertiseDefaultRoute}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${CurrentHopLimit}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ForceArpNdWolPattern[]] ${ForceArpNdWolPattern}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.DirectedMacWolPattern[]] ${DirectedMacWolPattern}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.EcnMarking[]] ${EcnMarking}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.Dhcp[]] ${Dhcp}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.ConnectionState[]] ${ConnectionState}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.AutomaticMetric[]] ${AutomaticMetric}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPInterface.NeighborDiscoverySupported[]] ${NeighborDiscoverySupported}, [Parameter(ParameterSetName='ByName')] [ValidateNotNull()] [uint32[]] ${CompartmentId}, [Parameter(ParameterSetName='ByRoute', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetRoute')] [ValidateNotNull()] [ciminstance] ${AssociatedRoute}, [Parameter(ParameterSetName='ByIPAddress', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIPAddress')] [ValidateNotNull()] [ciminstance] ${AssociatedIPAddress}, [Parameter(ParameterSetName='ByNeighbor', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetNeighbor')] [ValidateNotNull()] [ciminstance] ${AssociatedNeighbor}, [Parameter(ParameterSetName='ByAdapter', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetAdapter')] [ValidateNotNull()] [ciminstance] ${AssociatedAdapter}, [Parameter(ParameterSetName='ByName')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByRoute')] [Parameter(ParameterSetName='ByIPAddress')] [Parameter(ParameterSetName='ByNeighbor')] [Parameter(ParameterSetName='ByAdapter')] [switch] ${IncludeAllCompartments}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByRoute')] [Parameter(ParameterSetName='ByIPAddress')] [Parameter(ParameterSetName='ByNeighbor')] [Parameter(ParameterSetName='ByAdapter')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByRoute')] [Parameter(ParameterSetName='ByIPAddress')] [Parameter(ParameterSetName='ByNeighbor')] [Parameter(ParameterSetName='ByAdapter')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByName')] [Parameter(ParameterSetName='ByRoute')] [Parameter(ParameterSetName='ByIPAddress')] [Parameter(ParameterSetName='ByNeighbor')] [Parameter(ParameterSetName='ByAdapter')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AddressFamily') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressFamily}) $__cmdletization_queryBuilder.FilterByProperty('AddressFamily', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Forwarding') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Forwarding}) $__cmdletization_queryBuilder.FilterByProperty('Forwarding', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ClampMss') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ClampMss}) $__cmdletization_queryBuilder.FilterByProperty('ClampMss', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Advertising') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Advertising}) $__cmdletization_queryBuilder.FilterByProperty('Advertising', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('NlMtuBytes') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${NlMtuBytes}) $__cmdletization_queryBuilder.FilterByProperty('NlMtu', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceMetric') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceMetric}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceMetric', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('NeighborUnreachabilityDetection') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${NeighborUnreachabilityDetection}) $__cmdletization_queryBuilder.FilterByProperty('NeighborUnreachabilityDetection', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('BaseReachableTimeMs') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${BaseReachableTimeMs}) $__cmdletization_queryBuilder.FilterByProperty('BaseReachableTime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ReachableTimeMs') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ReachableTimeMs}) $__cmdletization_queryBuilder.FilterByProperty('ReachableTime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RetransmitTimeMs') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RetransmitTimeMs}) $__cmdletization_queryBuilder.FilterByProperty('RetransmitTime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DadTransmits') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DadTransmits}) $__cmdletization_queryBuilder.FilterByProperty('DadTransmits', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('DadRetransmitTimeMs') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${DadRetransmitTimeMs}) $__cmdletization_queryBuilder.FilterByProperty('DadRetransmitTime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('RouterDiscovery') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${RouterDiscovery}) $__cmdletization_queryBuilder.FilterByProperty('RouterDiscovery', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ManagedAddressConfiguration') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ManagedAddressConfiguration}) $__cmdletization_queryBuilder.FilterByProperty('ManagedAddressConfiguration', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('OtherStatefulConfiguration') -and (@('ByName') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${OtherStatefulConfiguration}) $__cmdletization_queryBuilder.FilterByProperty('OtherStatef ScriptBlock ID: 7c692b18-729a-499b-b742-7ae84e86264b Path:	4104	1		3	2	15	0	1490	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:24 PM	1909dffc-a75a-0002-b8ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): etization_queryBuilder.FilterByProperty('Type', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrefixLength') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrefixLength}) $__cmdletization_queryBuilder.FilterByProperty('PrefixLength', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrefixOrigin') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrefixOrigin}) $__cmdletization_queryBuilder.FilterByProperty('PrefixOrigin', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('SuffixOrigin') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SuffixOrigin}) $__cmdletization_queryBuilder.FilterByProperty('SuffixOrigin', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AddressState') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressState}) $__cmdletization_queryBuilder.FilterByProperty('AddressState', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ValidLifetime') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ValidLifetime}) $__cmdletization_queryBuilder.FilterByProperty('ValidLifetime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PreferredLifetime') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PreferredLifetime}) $__cmdletization_queryBuilder.FilterByProperty('PreferredLifetime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('SkipAsSource') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SkipAsSource}) $__cmdletization_queryBuilder.FilterByProperty('SkipAsSource', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('DefaultGateway') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('DefaultGateway', ${DefaultGateway}) } if ($PSBoundParameters.ContainsKey('IncludeAllCompartments') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeAllCompartments', ${IncludeAllCompartments}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:DeleteInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetIPAddress.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Remove-NetIPAddress' -Alias '*' ScriptBlock ID: 0d982927-e27f-41ef-839c-61cdc61f6d2f Path:	4104	1		3	2	15	0	1489	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:24 PM	1909dffc-a75a-0003-d3ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): ateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.AddressFamily[]] ${AddressFamily}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.Type[]] ${Type}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.PrefixOrigin[]] ${PrefixOrigin}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.SuffixOrigin[]] ${SuffixOrigin}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.AddressState[]] ${AddressState}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [switch] ${IncludeAllCompartments}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIPAddress')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [byte] ${PrefixLength}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [timespan] ${ValidLifetime}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [timespan] ${PreferredLifetime}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [bool] ${SkipAsSource}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPAddress') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPAddress}) $__cmdletization_queryBuilder.FilterByProperty('IPAddress', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AddressFamily') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressFamily}) $__cmdletization_queryBuilder.FilterByProperty('AddressFamily', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Type') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Type}) $__cmdletization_queryBuilder.FilterByProperty('Type', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrefixOrigin') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrefixOrigin}) $__cmdletization_queryBuilder.FilterByProperty('PrefixOrigin', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('SuffixOrigin') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SuffixOrigin}) $__cmdletization_queryBuilder.FilterByProperty('SuffixOrigin', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AddressState') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressState}) $__cmdletization_queryBuilder.FilterByProperty('AddressState', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('IncludeAllCompartments') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeAllCompartments', ${IncludeAllCompartments}) } $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('Query (cdxml)', 'InputObject (cdxml)') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PrefixLength')) { [object]$__cmdletization_value = ${PrefixLength} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrefixLength'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrefixLength'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ValidLifetime')) { [object]$__cmdletization_value = ${ValidLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PreferredLifetime')) { [object]$__cmdletization_value = ${PreferredLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SkipAsSource')) { [object]$__cmdletization_value = ${SkipAsSource} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SkipAsSource'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SkipAsSource'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = $null $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('cim:ModifyInstance', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_passThru = $PSBoundParameters.ContainsKey('PassThru') -and $PassThru if ($PSBoundParameters.ContainsKey('InputObject')) { foreach ($x in $InputObject) { $__cmdletization_objectModelWrapper.ProcessRecord($x, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } else { $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder, $__cmdletization_methodInvocationInfo, $__cmdletization_PassThru) } } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetIPAddress.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Set-NetIPAddress' -Alias '*' function Remove-NetIPAddress { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='High', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetIPAddress')] param( [Parameter(ParameterSetName='Query (cdxml)', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('LocalAddress')] [ValidateNotNull()] [string[]] ${IPAddress}, [Parameter(ParameterSetName='Query (cdxml)', ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='Query (cdxml)', ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.AddressFamily[]] ${AddressFamily}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.Type[]] ${Type}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [byte[]] ${PrefixLength}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.PrefixOrigin[]] ${PrefixOrigin}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.SuffixOrigin[]] ${SuffixOrigin}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.AddressState[]] ${AddressState}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [timespan[]] ${ValidLifetime}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [timespan[]] ${PreferredLifetime}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [bool[]] ${SkipAsSource}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${DefaultGateway}, [Parameter(ParameterSetName='Query (cdxml)')] [switch] ${IncludeAllCompartments}, [Parameter(ParameterSetName='InputObject (cdxml)', Mandatory=$true, ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#MSFT_NetIPAddress')] [ValidateNotNull()] [ciminstance[]] ${InputObject}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${AsJob}, [Parameter(ParameterSetName='Query (cdxml)')] [Parameter(ParameterSetName='InputObject (cdxml)')] [switch] ${PassThru}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPAddress') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPAddress}) $__cmdletization_queryBuilder.FilterByProperty('IPAddress', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AddressFamily') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressFamily}) $__cmdletization_queryBuilder.FilterByProperty('AddressFamily', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Type') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Type}) $__cmdl ScriptBlock ID: 0d982927-e27f-41ef-839c-61cdc61f6d2f Path:	4104	1		3	2	15	0	1488	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:24 PM	1909dffc-a75a-0003-d3ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AddressFamily')) { [object]$__cmdletization_value = ${AddressFamily} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressFamily'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.AddressFamily'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressFamily'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.AddressFamily'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Type')) { [object]$__cmdletization_value = ${Type} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Type'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.Type'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Type'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.Type'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PrefixLength')) { [object]$__cmdletization_value = ${PrefixLength} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrefixLength'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrefixLength'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ValidLifetime')) { [object]$__cmdletization_value = ${ValidLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PreferredLifetime')) { [object]$__cmdletization_value = ${PreferredLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SkipAsSource')) { [object]$__cmdletization_value = ${SkipAsSource} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SkipAsSource'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SkipAsSource'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.UInt32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Create', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetIPAddress.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'New-NetIPAddress' -Alias '*' function Get-NetIPAddress { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetIPAddress')] param( [Parameter(ParameterSetName='Query (cdxml)', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('LocalAddress')] [ValidateNotNull()] [string[]] ${IPAddress}, [Parameter(ParameterSetName='Query (cdxml)', ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='Query (cdxml)', ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.AddressFamily[]] ${AddressFamily}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.Type[]] ${Type}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [byte[]] ${PrefixLength}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.PrefixOrigin[]] ${PrefixOrigin}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.SuffixOrigin[]] ${SuffixOrigin}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.AddressState[]] ${AddressState}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [timespan[]] ${ValidLifetime}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [timespan[]] ${PreferredLifetime}, [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [bool[]] ${SkipAsSource}, [Parameter(ParameterSetName='Query (cdxml)', ValueFromPipeline=$true)] [PSTypeName('Microsoft.Management.Infrastructure.CimInstance#root/standardcimv2/MSFT_NetIPInterface')] [ValidateNotNull()] [ciminstance] ${AssociatedIPInterface}, [Parameter(ParameterSetName='Query (cdxml)')] [string] ${PolicyStore}, [Parameter(ParameterSetName='Query (cdxml)')] [switch] ${IncludeAllCompartments}, [Parameter(ParameterSetName='Query (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('IPAddress') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${IPAddress}) $__cmdletization_queryBuilder.FilterByProperty('IPAddress', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceIndex') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceIndex}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceIndex', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('InterfaceAlias') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${InterfaceAlias}) $__cmdletization_queryBuilder.FilterByProperty('InterfaceAlias', $__cmdletization_values, $true, 'Default') } if ($PSBoundParameters.ContainsKey('AddressFamily') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressFamily}) $__cmdletization_queryBuilder.FilterByProperty('AddressFamily', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('Type') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${Type}) $__cmdletization_queryBuilder.FilterByProperty('Type', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrefixLength') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrefixLength}) $__cmdletization_queryBuilder.FilterByProperty('PrefixLength', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PrefixOrigin') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PrefixOrigin}) $__cmdletization_queryBuilder.FilterByProperty('PrefixOrigin', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('SuffixOrigin') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SuffixOrigin}) $__cmdletization_queryBuilder.FilterByProperty('SuffixOrigin', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AddressState') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${AddressState}) $__cmdletization_queryBuilder.FilterByProperty('AddressState', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('ValidLifetime') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${ValidLifetime}) $__cmdletization_queryBuilder.FilterByProperty('ValidLifetime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('PreferredLifetime') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${PreferredLifetime}) $__cmdletization_queryBuilder.FilterByProperty('PreferredLifetime', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('SkipAsSource') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${SkipAsSource}) $__cmdletization_queryBuilder.FilterByProperty('SkipAsSource', $__cmdletization_values, $false, 'Default') } if ($PSBoundParameters.ContainsKey('AssociatedIPInterface') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.FilterByAssociatedInstance(${AssociatedIPInterface}, 'MSFT_NetIPInterfaceIPAddress', 'Antecedent', 'Dependent', 'Default') } if ($PSBoundParameters.ContainsKey('PolicyStore') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('PolicyStore', ${PolicyStore}) } if ($PSBoundParameters.ContainsKey('IncludeAllCompartments') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_queryBuilder.AddQueryOption('IncludeAllCompartments', ${IncludeAllCompartments}) } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetIPAddress.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetIPAddress' -Alias '*' function Set-NetIPAddress { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#ROOT/StandardCimv2/MSFT_NetIPAddress')] param( [Parameter(ParameterSetName='Query (cdxml)', Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('LocalAddress')] [ValidateNotNull()] [string[]] ${IPAddress}, [Parameter(ParameterSetName='Query (cdxml)', ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [ValidateNotNull()] [uint32[]] ${InterfaceIndex}, [Parameter(ParameterSetName='Query (cdxml)', ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [ValidateNotNull()] [string[]] ${InterfaceAlias}, [Parameter(ParameterSetName='Query (cdxml)')] [Valid ScriptBlock ID: 0d982927-e27f-41ef-839c-61cdc61f6d2f Path:	4104	1		3	2	15	0	1487	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:24 PM	1909dffc-a75a-0003-d3ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'ROOT/StandardCimv2/MSFT_NetIPAddress' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function New-NetIPAddress { [CmdletBinding(DefaultParameterSetName='ByInterfaceAlias', SupportsShouldProcess=$true, ConfirmImpact='Medium', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance[]])][OutputType([Microsoft.Management.Infrastructure.CimInstance[]])] param( [Parameter(ParameterSetName='ByInterfaceAlias', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Parameter(ParameterSetName='ByInterfaceIndex', Mandatory=$true, Position=0, ValueFromPipelineByPropertyName=$true)] [Alias('LocalAddress')] [string] ${IPAddress}, [Parameter(ParameterSetName='ByInterfaceAlias', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifAlias')] [string] ${InterfaceAlias}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [string] ${DefaultGateway}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.AddressFamily] ${AddressFamily}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.Type] ${Type}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [byte] ${PrefixLength}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [timespan] ${ValidLifetime}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [timespan] ${PreferredLifetime}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [bool] ${SkipAsSource}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [string] ${PolicyStore}, [Parameter(ParameterSetName='ByInterfaceIndex', Mandatory=$true, ValueFromPipelineByPropertyName=$true)] [Alias('ifIndex')] [uint32] ${InterfaceIndex}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='ByInterfaceAlias')] [Parameter(ParameterSetName='ByInterfaceIndex')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_methodParameters = [System.Collections.Generic.List[Microsoft.PowerShell.Cmdletization.MethodParameter]]::new() switch -exact ($PSCmdlet.ParameterSetName) { { @('ByInterfaceAlias') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPAddress')) { [object]$__cmdletization_value = ${IPAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceAlias')) { [object]$__cmdletization_value = ${InterfaceAlias} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceAlias'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceAlias'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefaultGateway')) { [object]$__cmdletization_value = ${DefaultGateway} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultGateway'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultGateway'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('AddressFamily')) { [object]$__cmdletization_value = ${AddressFamily} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressFamily'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.AddressFamily'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'AddressFamily'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.AddressFamily'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('Type')) { [object]$__cmdletization_value = ${Type} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Type'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.Type'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'Type'; ParameterType = 'Microsoft.PowerShell.Cmdletization.GeneratedTypes.NetIPAddress.Type'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PrefixLength')) { [object]$__cmdletization_value = ${PrefixLength} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrefixLength'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PrefixLength'; ParameterType = 'System.Byte'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('ValidLifetime')) { [object]$__cmdletization_value = ${ValidLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'ValidLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PreferredLifetime')) { [object]$__cmdletization_value = ${PreferredLifetime} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PreferredLifetime'; ParameterType = 'System.TimeSpan'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('SkipAsSource')) { [object]$__cmdletization_value = ${SkipAsSource} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SkipAsSource'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'SkipAsSource'; ParameterType = 'System.Boolean'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('PolicyStore')) { [object]$__cmdletization_value = ${PolicyStore} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'PolicyStore'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'CmdletOutput'; ParameterType = 'Microsoft.Management.Infrastructure.CimInstance[]'; Bindings = 'Out'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) $__cmdletization_returnValue = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{ Name = 'ReturnValue'; ParameterType = 'System.UInt32'; Bindings = 'Error'; Value = $null; IsValuePresent = $false } $__cmdletization_methodInvocationInfo = [Microsoft.PowerShell.Cmdletization.MethodInvocationInfo]::new('Create', $__cmdletization_methodParameters, $__cmdletization_returnValue) $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_methodInvocationInfo) } { @('ByInterfaceIndex') -contains $_ } { [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('IPAddress')) { [object]$__cmdletization_value = ${IPAddress} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'IPAddress'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('InterfaceIndex')) { [object]$__cmdletization_value = ${InterfaceIndex} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceIndex'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'InterfaceIndex'; ParameterType = 'System.UInt32'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null [object]$__cmdletization_defaultValueIsPresent = $false if ($PSBoundParameters.ContainsKey('DefaultGateway')) { [object]$__cmdletization_value = ${DefaultGateway} $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultGateway'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_value; IsValuePresent = $true} } else { $__cmdletization_methodParameter = [Microsoft.PowerShell.Cmdletization.MethodParameter]@{Name = 'DefaultGateway'; ParameterType = 'System.String'; Bindings = 'In'; Value = $__cmdletization_defaultValue; IsValuePresent = $__cmdletization_defaultValueIsPresent} } $__cmdletization_methodParameters.Add($__cmdletization_methodParameter) [object]$__cmdletization_defaultValue = $null ScriptBlock ID: 0d982927-e27f-41ef-839c-61cdc61f6d2f Path:	4104	1		3	2	15	0	1486	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:24 PM	1909dffc-a75a-0003-d3ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #requires -version 3.0 try { Microsoft.PowerShell.Core\Set-StrictMode -Off } catch { } $script:MyModule = $MyInvocation.MyCommand.ScriptBlock.Module $script:ClassName = 'root/StandardCimv2/MSFT_NetCompartment' $script:ClassVersion = '1.0.0' $script:ModuleVersion = '1.0' $script:ObjectModelWrapper = [Microsoft.PowerShell.Cmdletization.Cim.CimCmdletAdapter] $script:PrivateData = [System.Collections.Generic.Dictionary[string,string]]::new() Microsoft.PowerShell.Core\Export-ModuleMember -Function @() function __cmdletization_BindCommonParameters { param( $__cmdletization_objectModelWrapper, $myPSBoundParameters ) if ($myPSBoundParameters.ContainsKey('CimSession')) { $__cmdletization_objectModelWrapper.PSObject.Properties['CimSession'].Value = $myPSBoundParameters['CimSession'] } if ($myPSBoundParameters.ContainsKey('ThrottleLimit')) { $__cmdletization_objectModelWrapper.PSObject.Properties['ThrottleLimit'].Value = $myPSBoundParameters['ThrottleLimit'] } if ($myPSBoundParameters.ContainsKey('AsJob')) { $__cmdletization_objectModelWrapper.PSObject.Properties['AsJob'].Value = $myPSBoundParameters['AsJob'] } } function Get-NetCompartment { [CmdletBinding(DefaultParameterSetName='Query (cdxml)', PositionalBinding=$false)] [OutputType([Microsoft.Management.Infrastructure.CimInstance])] [OutputType('Microsoft.Management.Infrastructure.CimInstance#root/StandardCimv2/MSFT_NetCompartment')] param( [Parameter(ParameterSetName='Query (cdxml)')] [ValidateNotNull()] [uint32[]] ${CompartmentId}, [Parameter(ParameterSetName='Query (cdxml)')] [Alias('Session')] [ValidateNotNullOrEmpty()] [CimSession[]] ${CimSession}, [Parameter(ParameterSetName='Query (cdxml)')] [int] ${ThrottleLimit}, [Parameter(ParameterSetName='Query (cdxml)')] [switch] ${AsJob}) DynamicParam { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper = $script:ObjectModelWrapper::new() $__cmdletization_objectModelWrapper.Initialize($PSCmdlet, $script:ClassName, $script:ClassVersion, $script:ModuleVersion, $script:PrivateData) if ($__cmdletization_objectModelWrapper -is [System.Management.Automation.IDynamicParameters]) { ([System.Management.Automation.IDynamicParameters]$__cmdletization_objectModelWrapper).GetDynamicParameters() } } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Begin { $__cmdletization_exceptionHasBeenThrown = $false try { __cmdletization_BindCommonParameters $__cmdletization_objectModelWrapper $PSBoundParameters $__cmdletization_objectModelWrapper.BeginProcessing() } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } Process { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_queryBuilder = $__cmdletization_objectModelWrapper.GetQueryBuilder() if ($PSBoundParameters.ContainsKey('CompartmentId') -and (@('Query (cdxml)') -contains $PSCmdlet.ParameterSetName )) { $__cmdletization_values = @(${CompartmentId}) $__cmdletization_queryBuilder.FilterByProperty('CompartmentId', $__cmdletization_values, $false, 'Default') } $__cmdletization_objectModelWrapper.ProcessRecord($__cmdletization_queryBuilder) } } catch { $__cmdletization_exceptionHasBeenThrown = $true throw } } End { try { if (-not $__cmdletization_exceptionHasBeenThrown) { $__cmdletization_objectModelWrapper.EndProcessing() } } catch { throw } } # .EXTERNALHELP MSFT_NetCompartment.cdxml-Help.xml } Microsoft.PowerShell.Core\Export-ModuleMember -Function 'Get-NetCompartment' -Alias '*' ScriptBlock ID: 9592748d-4d74-41bd-a29c-67cb79e8733e Path:	4104	1		3	2	15	0	1485	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3528	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:24 PM	1909dffc-a75a-0002-b2ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1484	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	5096	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:24 PM	1909dffc-a75a-0002-aded-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4304 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1483	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	3748	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:24 PM	1909dffc-a75a-0002-aded-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1482	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4304	5096	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:24 PM	1909dffc-a75a-0002-aded-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 9939ed1d-bb37-4f4a-8bfc-2ce862b6599a Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = e570810e-a9c8-4445-8a52-7c39d7a980b2 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1481	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	820	4524	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:24 PM	1909dffc-a75a-0001-b9f3-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 671dba3a-fd37-4b62-a21d-0f216ea3ed5b Path:	4104	1		3	2	15	0	1480	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	820	216	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:23 PM	1909dffc-a75a-0005-d00b-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: e44a4399-e730-4f89-9b19-3b049b90c2cd Path:	4104	1		3	2	15	0	1479	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	820	216	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:23 PM	1909dffc-a75a-0005-c90b-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: d95b64f0-7ff0-4353-9e44-66b740989416 Path:	4104	1		3	2	15	0	1478	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	820	216	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:23 PM	1909dffc-a75a-0000-63f1-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): wershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: f7cc3a16-9c79-4db9-94e7-8a10707f8ee8 Path:	4104	1		3	2	15	0	1477	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	820	216	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:23 PM	1909dffc-a75a-0000-5df1-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): CgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "(Get-NetIPAddress -addressfamily ipv4).interfacealias -notlike \"Loopback*\"", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.po ScriptBlock ID: f7cc3a16-9c79-4db9-94e7-8a10707f8ee8 Path:	4104	1		3	2	15	0	1476	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	820	216	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:23 PM	1909dffc-a75a-0000-5df1-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): gICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmI ScriptBlock ID: f7cc3a16-9c79-4db9-94e7-8a10707f8ee8 Path:	4104	1		3	2	15	0	1475	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	820	216	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:23 PM	1909dffc-a75a-0000-5df1-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICA ScriptBlock ID: f7cc3a16-9c79-4db9-94e7-8a10707f8ee8 Path:	4104	1		3	2	15	0	1474	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	820	216	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:23 PM	1909dffc-a75a-0000-5df1-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1473	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	820	5068	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:23 PM	1909dffc-a75a-0001-a7f3-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 820 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1472	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	820	3512	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:22 PM	1909dffc-a75a-0001-a7f3-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1471	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	820	5068	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:22 PM	1909dffc-a75a-0001-a7f3-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="AssemblyName"; value="System.DirectoryServices.AccountManagement" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 117e02c5-8148-4183-95d2-757be692ee67 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 52a29d2b-cb4e-4402-8fdd-60946084da90 Pipeline ID = 5 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 35 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1470	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4676	3988	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:17 PM	1909dffc-a75a-0001-8af3-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $_.$guid_key -eq $adapter.SettingID } ScriptBlock ID: becf5c5d-ee33-47c4-9fc9-990176d6dc9a Path:	4104	1		3	2	15	0	1469	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4676	3988	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:17 PM	1909dffc-a75a-0001-84f3-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Error Message = The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: The term 'facter' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. Fully Qualified Error ID = CommandNotFoundException,Microsoft.PowerShell.Commands.GetCommandCommand Context: Severity = Warning Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 117e02c5-8148-4183-95d2-757be692ee67 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 52a29d2b-cb4e-4402-8fdd-60946084da90 Pipeline ID = 5 Command Name = Get-Command Command Type = Cmdlet Script Name = Command Path = Sequence Number = 33 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4100	1		3	106	19	0	1468	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4676	3988	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:17 PM	1909dffc-a75a-0004-e438-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	To be used when an exception is raised	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2018, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy Function Get-CustomFacts { [cmdletBinding()] param ( [Parameter(mandatory=$false)] $factpath = $null ) if (-not (Test-Path -Path $factpath)) { Fail-Json $result "The path $factpath does not exist. Typo?" } $FactsFiles = Get-ChildItem -Path $factpath | Where-Object -FilterScript {($PSItem.PSIsContainer -eq $false) -and ($PSItem.Extension -eq '.ps1')} foreach ($FactsFile in $FactsFiles) { $out = & $($FactsFile.FullName) $result.ansible_facts.Add("ansible_$(($FactsFile.Name).Split('.')[0])", $out) } } Function Get-MachineSid { # The Machine SID is stored in HKLM:\SECURITY\SAM\Domains\Account and is # only accessible by the Local System account. This method get's the local # admin account (ends with -500) and lops it off to get the machine sid. $admins_sid = "S-1-5-32-544" $admin_group = ([Security.Principal.SecurityIdentifier]$admins_sid).Translate([Security.Principal.NTAccount]).Value Add-Type -AssemblyName System.DirectoryServices.AccountManagement $principal_context = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalContext([System.DirectoryServices.AccountManagement.ContextType]::Machine) $group_principal = New-Object -TypeName System.DirectoryServices.AccountManagement.GroupPrincipal($principal_context, $admin_group) $searcher = New-Object -TypeName System.DirectoryServices.AccountManagement.PrincipalSearcher($group_principal) $groups = $searcher.FindOne() $machine_sid = $null foreach ($user in $groups.Members) { $user_sid = $user.Sid if ($user_sid.Value.EndsWith("-500")) { $machine_sid = $user_sid.AccountDomainSid.Value break } } return $machine_sid } $cim_instances = @{} Function Get-LazyCimInstance([string]$instance_name, [string]$namespace="Root\CIMV2") { if(-not $cim_instances.ContainsKey($instance_name)) { $cim_instances[$instance_name] = $(Get-CimInstance -Namespace $namespace -ClassName $instance_name) } return $cim_instances[$instance_name] } $result = @{ ansible_facts = @{ } changed = $false } $grouped_subsets = @{ min=[System.Collections.Generic.List[string]]@('date_time','distribution','dns','env','local','platform','powershell_version','user') network=[System.Collections.Generic.List[string]]@('all_ipv4_addresses','all_ipv6_addresses','interfaces','windows_domain', 'winrm') hardware=[System.Collections.Generic.List[string]]@('bios','memory','processor','uptime') external=[System.Collections.Generic.List[string]]@('facter') } # build "all" set from everything mentioned in the group- this means every value must be in at least one subset to be considered legal $all_set = [System.Collections.Generic.HashSet[string]]@() foreach($kv in $grouped_subsets.GetEnumerator()) { [void] $all_set.UnionWith($kv.Value) } # dynamically create an "all" subset now that we know what should be in it $grouped_subsets['all'] = [System.Collections.Generic.List[string]]$all_set # start with all, build up gather and exclude subsets $gather_subset = [System.Collections.Generic.HashSet[string]]$grouped_subsets.all $explicit_subset = [System.Collections.Generic.HashSet[string]]@() $exclude_subset = [System.Collections.Generic.HashSet[string]]@() $params = Parse-Args $args -supports_check_mode $true $factpath = Get-AnsibleParam -obj $params -name "fact_path" -type "path" $gather_subset_source = Get-AnsibleParam -obj $params -name "gather_subset" -type "list" -default "all" foreach($item in $gather_subset_source) { if(([string]$item).StartsWith("!")) { $item = ([string]$item).Substring(1) if($item -eq "all") { $all_minus_min = [System.Collections.Generic.HashSet[string]]@($all_set) [void] $all_minus_min.ExceptWith($grouped_subsets.min) [void] $exclude_subset.UnionWith($all_minus_min) } elseif($grouped_subsets.ContainsKey($item)) { [void] $exclude_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $exclude_subset.Add($item) } # NB: invalid exclude values are ignored, since that's what posix setup does } else { if($grouped_subsets.ContainsKey($item)) { [void] $explicit_subset.UnionWith($grouped_subsets[$item]) } elseif($all_set.Contains($item)) { [void] $explicit_subset.Add($item) } else { # NB: POSIX setup fails on invalid value; we warn, because we don't implement the same set as POSIX # and we don't have platform-specific config for this... Add-Warning $result "invalid value $item specified in gather_subset" } } } [void] $gather_subset.ExceptWith($exclude_subset) [void] $gather_subset.UnionWith($explicit_subset) $ansible_facts = @{ gather_subset=@($gather_subset_source) module_setup=$true } $osversion = [Environment]::OSVersion if($gather_subset.Contains('all_ipv4_addresses') -or $gather_subset.Contains('all_ipv6_addresses')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration # TODO: split v4/v6 properly, return in separate keys $ips = @() Foreach ($ip in $netcfg.IPAddress) { If ($ip) { $ips += $ip } } $ansible_facts += @{ ansible_ip_addresses = $ips } } if($gather_subset.Contains('bios')) { $win32_bios = Get-LazyCimInstance Win32_Bios $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $ansible_facts += @{ ansible_bios_date = $win32_bios.ReleaseDate.ToString("MM/dd/yyyy") ansible_bios_version = $win32_bios.SMBIOSBIOSVersion ansible_product_name = $win32_cs.Model.Trim() ansible_product_serial = $win32_bios.SerialNumber # ansible_product_version = ([string] $win32_cs.SystemFamily) } } if($gather_subset.Contains('date_time')) { $datetime = (Get-Date) $datetime_utc = $datetime.ToUniversalTime() $date = @{ date = $datetime.ToString("yyyy-MM-dd") day = $datetime.ToString("dd") epoch = (Get-Date -UFormat "%s") hour = $datetime.ToString("HH") iso8601 = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ssZ") iso8601_basic = $datetime.ToString("yyyyMMddTHHmmssffffff") iso8601_basic_short = $datetime.ToString("yyyyMMddTHHmmss") iso8601_micro = $datetime_utc.ToString("yyyy-MM-ddTHH:mm:ss.ffffffZ") minute = $datetime.ToString("mm") month = $datetime.ToString("MM") second = $datetime.ToString("ss") time = $datetime.ToString("HH:mm:ss") tz = ([System.TimeZoneInfo]::Local.Id) tz_offset = $datetime.ToString("zzzz") # Ensure that the weekday is in English weekday = $datetime.ToString("dddd", [System.Globalization.CultureInfo]::InvariantCulture) weekday_number = (Get-Date -UFormat "%w") weeknumber = (Get-Date -UFormat "%W") year = $datetime.ToString("yyyy") } $ansible_facts += @{ ansible_date_time = $date } } if($gather_subset.Contains('distribution')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $product_type = switch($win32_os.ProductType) { 1 { "workstation" } 2 { "domain_controller" } 3 { "server" } default { "unknown" } } $ansible_facts += @{ ansible_distribution = $win32_os.Caption ansible_distribution_version = $osversion.Version.ToString() ansible_distribution_major_version = $osversion.Version.Major.ToString() ansible_os_family = "Windows" ansible_os_name = ($win32_os.Name.Split('|')[0]).Trim() ansible_os_product_type = $product_type } } if($gather_subset.Contains('env')) { $env_vars = @{ } foreach ($item in Get-ChildItem Env:) { $name = $item | select -ExpandProperty Name # Powershell ConvertTo-Json fails if string ends with \ $value = ($item | select -ExpandProperty Value).TrimEnd("\") $env_vars.Add($name, $value) } $ansible_facts += @{ ansible_env = $env_vars } } if($gather_subset.Contains('facter')) { # See if Facter is on the System Path Try { $facter_exe = Get-Command facter -ErrorAction Stop $facter_installed = $true } Catch { $facter_installed = $false } # Get JSON from Facter, and parse it out. if ($facter_installed) { &facter -j | Tee-Object -Variable facter_output | Out-Null $facts = "$facter_output" | ConvertFrom-Json ForEach($fact in $facts.PSObject.Properties) { $fact_name = $fact.Name $ansible_facts.Add("facter_$fact_name", $fact.Value) } } } if($gather_subset.Contains('interfaces')) { $netcfg = Get-LazyCimInstance Win32_NetworkAdapterConfiguration $ActiveNetcfg = @() $ActiveNetcfg += $netcfg | where {$_.ipaddress -ne $null} $namespaces = Get-LazyCimInstance __Namespace -namespace root if ($namespaces | Where-Object { $_.Name -eq "StandardCimv" }) { $net_adapters = Get-LazyCimInstance MSFT_NetAdapter -namespace Root\StandardCimv2 $guid_key = "InterfaceGUID" $name_key = "Name" } else { $net_adapters = Get-LazyCimInstance Win32_NetworkAdapter $guid_key = "GUID" $name_key = "NetConnectionID" } $formattednetcfg = @() foreach ($adapter in $ActiveNetcfg) { $thisadapter = @{ default_gateway = $null connection_name = $null dns_domain = $adapter.dnsdomain interface_index = $adapter.InterfaceIndex interface_name = $adapter.description macaddress = $adapter.macaddress } if ($adapter.defaultIPGateway) { $thisadapter.default_gateway = $adapter.DefaultIPGateway[0].ToString() } $net_adapter = $net_adapters | Where-Object { $_.$guid_key -eq $adapter.SettingID } if ($net_adapter) { $thisadapter.connection_name = $net_adapter.$name_key } $formattednetcfg += $thisadapter } $ansible_facts += @{ ansible_interfaces = $formattednetcfg } } if ($gather_subset.Contains("local") -and $factpath -ne $null) { # Get any custom facts; results are updated in the Get-CustomFacts -factpath $factpath } if($gather_subset.Contains('memory')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ # Win32_PhysicalMemory is empty on some virtual platforms ansible_memtotal_mb = ([math]::round($win32_cs.TotalPhysicalMemory / 1024 / 1024)) ansible_swaptotal_mb = ([math]::round($win32_os.TotalSwapSpaceSize / 1024 / 1024)) } } if($gather_subset.Contains('platform')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ip_props = [System.Net.NetworkInformation.IPGlobalProperties]::GetIPGlobalProperties() $ansible_facts += @{ ansible_architecture = $win32_os.OSArchitecture ansible_domain = $ip_props.DomainName ansible_fqdn = ($ip_props.Hostname + "." + $ip_props.DomainName) ansible_hostname = $env:COMPUTERNAME ansible_kernel = $osversion.Version.ToString() ansible_nodename = ($ip_props.HostName + "." + $ip_props.DomainName) ansible_machine_id = Get-MachineSid ansible_owner_contact = ([string] $win32_cs.PrimaryOwnerContact) ansible_owner_name = ([string] $win32_cs.PrimaryOwnerName) # FUTURE: should this live in its own subset? ansible_reboot_pending = (Get-PendingRebootStatus) ansible_system = $osversion.Platform.ToString() ansible_system_description = ([string] $win32_os.Description) ansible_system_vendor = $win32_cs.Manufacturer } } if($gather_subset.Contains('powershell_version')) { $ansible_facts += @{ ansible_powershell_version = ($PSVersionTable.PSVersion.Major) } } if($gather_subset.Contains('processor')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $win32_cpu = Get-LazyCimInstance Win32_Processor if ($win32_cpu -is [array]) { # multi-socket, pick first $win32_cpu = $win32_cpu[0] } $cpu_list = @( ) for ($i=1; $i -le ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors); $i++) { $cpu_list += $win32_cpu.Manufacturer $cpu_list += $win32_cpu.Name } $ansible_facts += @{ ansible_processor = $cpu_list ansible_processor_cores = $win32_cpu.NumberOfCores ansible_processor_count = $win32_cs.NumberOfProcessors ansible_processor_threads_per_core = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors / $win32_cpu.NumberOfCores) ansible_processor_vcpus = ($win32_cpu.NumberOfLogicalProcessors / $win32_cs.NumberOfProcessors) } } if($gather_subset.Contains('uptime')) { $win32_os = Get-LazyCimInstance Win32_OperatingSystem $ansible_facts += @{ ansible_lastboot = $win32_os.lastbootuptime.ToString("u") ansible_uptime_seconds = $([System.Convert]::ToInt64($(Get-Date).Subtract($win32_os.lastbootuptime).TotalSeconds)) } } if($gather_subset.Contains('user')) { $user = [Security.Principal.WindowsIdentity]::GetCurrent() $ansible_facts += @{ ansible_user_dir = $env:userprofile # Win32_UserAccount.FullName is probably the right thing here, but it can be expensive to get on large domains ansible_user_gecos = "" ansible_user_id = $env:username ansible_user_sid = $user.User.Value } } if($gather_subset.Contains('windows_domain')) { $win32_cs = Get-LazyCimInstance Win32_ComputerSystem $domain_roles = @{ 0 = "Stand-alone workstation" 1 = "Member workstation" 2 = "Stand-alone server" 3 = "Member server" 4 = "Backup domain controller" 5 = "Primary domain controller" } $domain_role = $domain_roles.Get_Item([Int32]$win32_cs.DomainRole) $ansible_facts += @{ ansible_windows_domain = $win32_cs.Domain ansible_windows_domain_member = $win32_cs.PartOfDomain ansible_windows_domain_role = $domain_role } } if($gather_subset.Contains('winrm')) { $winrm_https_listener_parent_paths = Get-ChildItem -Path WSMan:\localhost\Listener -Recurse | Where-Object {$_.PSChildName -eq "Transport" -and $_.Value -eq "HTTPS"} | select PSParentPath if ($winrm_https_listener_parent_paths -isnot [array]) { $winrm_https_listener_parent_paths = @($winrm_https_listener_parent_paths) } $winrm_https_listener_paths = @() foreach ($winrm_https_listener_parent_path in $winrm_https_listener_parent_paths) { $winrm_https_listener_paths += $winrm_https_listener_parent_path.PSParentPath.Substring($winrm_https_listener_parent_path.PSParentPath.LastIndexOf("\")) } $https_listeners = @() foreach ($winrm_https_listener_path in $winrm_https_listener_paths) { $https_listeners += Get-ChildItem -Path "WSMan:\localhost\Listener$winrm_https_listener_path" } $winrm_cert_thumbprints = @() foreach ($https_listener in $https_listeners) { $winrm_cert_thumbprints += $https_listener | where {$_.Name -EQ "CertificateThumbprint" } | select Value } $winrm_cert_expiry = @() foreach ($winrm_cert_thumbprint in $winrm_cert_thumbprints) { Try { $winrm_cert_expiry += Get-ChildItem -Path Cert:\LocalMachine\My | where Thumbprint -EQ $winrm_cert_thumbprint.Value.ToString().ToUpper() | select NotAfter } Catch {} } $winrm_cert_expirations = $winrm_cert_expiry | Sort-Object NotAfter if ($winrm_cert_expirations) { # this fact was renamed from ansible_winrm_certificate_expires due to collision with ansible_winrm_X connection var pattern $ansible_facts.Add("ansible_win_rm_certificate_expires", $winrm_cert_expirations[0].NotAfter.ToString("yyyy-MM-dd HH:mm:ss")) } } $result.ansible_facts += $ansible_facts Exit-Json $result ScriptBlock ID: f6f2b86e-4c2c-45bd-ac45-3ea0dfb69076 Path:	4104	1		3	2	15	0	1467	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4676	3988	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:16 PM	1909dffc-a75a-0000-2ff1-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 5db009a0-68fe-4dbc-854e-afaf0660b472 Path:	4104	1		3	2	15	0	1466	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4676	2296	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:16 PM	1909dffc-a75a-0002-7aed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 0b4a3e10-f677-4201-8b21-1b8884d4eee8 Path:	4104	1		3	2	15	0	1465	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4676	2296	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:16 PM	1909dffc-a75a-0002-6bed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): mTG9naWNhbFByb2Nlc3NvcnMgLyAkd2luMzJfY3MuTnVtYmVyT2ZQcm9jZXNzb3JzKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXB0aW1lJykpIHsKICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfbGFzdGJvb3QgPSAkd2luMzJfb3MubGFzdGJvb3R1cHRpbWUuVG9TdHJpbmcoInUiKQogICAgICAgIGFuc2libGVfdXB0aW1lX3NlY29uZHMgPSAkKFtTeXN0ZW0uQ29udmVydF06OlRvSW50NjQoJChHZXQtRGF0ZSkuU3VidHJhY3QoJHdpbjMyX29zLmxhc3Rib290dXB0aW1lKS5Ub3RhbFNlY29uZHMpKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygndXNlcicpKSB7CiAgICAkdXNlciA9IFtTZWN1cml0eS5QcmluY2lwYWwuV2luZG93c0lkZW50aXR5XTo6R2V0Q3VycmVudCgpCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfdXNlcl9kaXIgPSAkZW52OnVzZXJwcm9maWxlCiAgICAgICAgIyBXaW4zMl9Vc2VyQWNjb3VudC5GdWxsTmFtZSBpcyBwcm9iYWJseSB0aGUgcmlnaHQgdGhpbmcgaGVyZSwgYnV0IGl0IGNhbiBiZSBleHBlbnNpdmUgdG8gZ2V0IG9uIGxhcmdlIGRvbWFpbnMKICAgICAgICBhbnNpYmxlX3VzZXJfZ2Vjb3MgPSAiIgogICAgICAgIGFuc2libGVfdXNlcl9pZCA9ICRlbnY6dXNlcm5hbWUKICAgICAgICBhbnNpYmxlX3VzZXJfc2lkID0gJHVzZXIuVXNlci5WYWx1ZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnd2luZG93c19kb21haW4nKSkgewogICAgJHdpbjMyX2NzID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9Db21wdXRlclN5c3RlbQogICAgJGRvbWFpbl9yb2xlcyA9IEB7CiAgICAgICAgMCA9ICJTdGFuZC1hbG9uZSB3b3Jrc3RhdGlvbiIKICAgICAgICAxID0gIk1lbWJlciB3b3Jrc3RhdGlvbiIKICAgICAgICAyID0gIlN0YW5kLWFsb25lIHNlcnZlciIKICAgICAgICAzID0gIk1lbWJlciBzZXJ2ZXIiCiAgICAgICAgNCA9ICJCYWNrdXAgZG9tYWluIGNvbnRyb2xsZXIiCiAgICAgICAgNSA9ICJQcmltYXJ5IGRvbWFpbiBjb250cm9sbGVyIgogICAgfQoKICAgICRkb21haW5fcm9sZSA9ICRkb21haW5fcm9sZXMuR2V0X0l0ZW0oW0ludDMyXSR3aW4zMl9jcy5Eb21haW5Sb2xlKQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV93aW5kb3dzX2RvbWFpbiA9ICR3aW4zMl9jcy5Eb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX21lbWJlciA9ICR3aW4zMl9jcy5QYXJ0T2ZEb21haW4KICAgICAgICBhbnNpYmxlX3dpbmRvd3NfZG9tYWluX3JvbGUgPSAkZG9tYWluX3JvbGUKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3dpbnJtJykpIHsKCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCBXU01hbjpcbG9jYWxob3N0XExpc3RlbmVyIC1SZWN1cnNlIHwgV2hlcmUtT2JqZWN0IHskXy5QU0NoaWxkTmFtZSAtZXEgIlRyYW5zcG9ydCIgLWFuZCAkXy5WYWx1ZSAtZXEgIkhUVFBTIn0gfCBzZWxlY3QgUFNQYXJlbnRQYXRoCiAgICBpZiAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyAtaXNub3QgW2FycmF5XSkgewogICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocyA9IEAoJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhcmVudF9wYXRocykKICAgIH0KCiAgICAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMgPSBAKCkKICAgIGZvcmVhY2ggKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGFyZW50X3BhdGhzKSB7CiAgICAgICAgJHdpbnJtX2h0dHBzX2xpc3RlbmVyX3BhdGhzICs9ICR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguU3Vic3RyaW5nKCR3aW5ybV9odHRwc19saXN0ZW5lcl9wYXJlbnRfcGF0aC5QU1BhcmVudFBhdGguTGFzdEluZGV4T2YoIlwiKSkKICAgIH0KCiAgICAkaHR0cHNfbGlzdGVuZXJzID0gQCgpCiAgICBmb3JlYWNoICgkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCBpbiAkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aHMpIHsKICAgICAgICAkaHR0cHNfbGlzdGVuZXJzICs9IEdldC1DaGlsZEl0ZW0gLVBhdGggIldTTWFuOlxsb2NhbGhvc3RcTGlzdGVuZXIkd2lucm1faHR0cHNfbGlzdGVuZXJfcGF0aCIKICAgIH0KCiAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyA9IEAoKQogICAgZm9yZWFjaCAoJGh0dHBzX2xpc3RlbmVyIGluICRodHRwc19saXN0ZW5lcnMpIHsKICAgICAgICAkd2lucm1fY2VydF90aHVtYnByaW50cyArPSAkaHR0cHNfbGlzdGVuZXIgfCB3aGVyZSB7JF8uTmFtZSAtRVEgIkNlcnRpZmljYXRlVGh1bWJwcmludCIgfSB8IHNlbGVjdCBWYWx1ZQogICAgfQoKICAgICR3aW5ybV9jZXJ0X2V4cGlyeSA9IEAoKQogICAgZm9yZWFjaCAoJHdpbnJtX2NlcnRfdGh1bWJwcmludCBpbiAkd2lucm1fY2VydF90aHVtYnByaW50cykgewogICAgICAgIFRyeSB7CiAgICAgICAgICAgICR3aW5ybV9jZXJ0X2V4cGlyeSArPSBHZXQtQ2hpbGRJdGVtIC1QYXRoIENlcnQ6XExvY2FsTWFjaGluZVxNeSB8IHdoZXJlIFRodW1icHJpbnQgLUVRICR3aW5ybV9jZXJ0X3RodW1icHJpbnQuVmFsdWUuVG9TdHJpbmcoKS5Ub1VwcGVyKCkgfCBzZWxlY3QgTm90QWZ0ZXIKICAgICAgICB9IENhdGNoIHt9CiAgICB9CgogICAgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnMgPSAkd2lucm1fY2VydF9leHBpcnkgfCBTb3J0LU9iamVjdCBOb3RBZnRlcgogICAgaWYgKCR3aW5ybV9jZXJ0X2V4cGlyYXRpb25zKSB7CiAgICAgICAgIyB0aGlzIGZhY3Qgd2FzIHJlbmFtZWQgZnJvbSBhbnNpYmxlX3dpbnJtX2NlcnRpZmljYXRlX2V4cGlyZXMgZHVlIHRvIGNvbGxpc2lvbiB3aXRoIGFuc2libGVfd2lucm1fWCBjb25uZWN0aW9uIHZhciBwYXR0ZXJuCiAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlX3dpbl9ybV9jZXJ0aWZpY2F0ZV9leHBpcmVzIiwgJHdpbnJtX2NlcnRfZXhwaXJhdGlvbnNbMF0uTm90QWZ0ZXIuVG9TdHJpbmcoInl5eXktTU0tZGQgSEg6bW06c3MiKSkKICAgIH0KfQoKJHJlc3VsdC5hbnNpYmxlX2ZhY3RzICs9ICRhbnNpYmxlX2ZhY3RzCgpFeGl0LUpzb24gJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "gather_timeout": 10, "_ansible_module_name": "setup", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 2, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "gather_subset": ["all"], "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 7b9a0f89-eae4-4735-80ff-efb5e8d69602 Path:	4104	1		3	2	15	0	1464	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4676	2296	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:16 PM	1909dffc-a75a-0002-65ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): QYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRmYWN0cGF0aCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmYWN0X3BhdGgiIC10eXBlICJwYXRoIgokZ2F0aGVyX3N1YnNldF9zb3VyY2UgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZ2F0aGVyX3N1YnNldCIgLXR5cGUgImxpc3QiIC1kZWZhdWx0ICJhbGwiCgpmb3JlYWNoKCRpdGVtIGluICRnYXRoZXJfc3Vic2V0X3NvdXJjZSkgewogICAgaWYoKFtzdHJpbmddJGl0ZW0pLlN0YXJ0c1dpdGgoIiEiKSkgewogICAgICAgICRpdGVtID0gKFtzdHJpbmddJGl0ZW0pLlN1YnN0cmluZygxKQogICAgICAgIGlmKCRpdGVtIC1lcSAiYWxsIikgewogICAgICAgICAgICAkYWxsX21pbnVzX21pbiA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5IYXNoU2V0W3N0cmluZ11dQCgkYWxsX3NldCkKICAgICAgICAgICAgW3ZvaWRdICRhbGxfbWludXNfbWluLkV4Y2VwdFdpdGgoJGdyb3VwZWRfc3Vic2V0cy5taW4pCiAgICAgICAgICAgIFt2b2lkXSAkZXhjbHVkZV9zdWJzZXQuVW5pb25XaXRoKCRhbGxfbWludXNfbWluKQogICAgICAgIH0KICAgICAgICBlbHNlaWYoJGdyb3VwZWRfc3Vic2V0cy5Db250YWluc0tleSgkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5VbmlvbldpdGgoJGdyb3VwZWRfc3Vic2V0c1skaXRlbV0pCiAgICAgICAgfQogICAgICAgIGVsc2VpZigkYWxsX3NldC5Db250YWlucygkaXRlbSkpIHsKICAgICAgICAgICAgW3ZvaWRdICRleGNsdWRlX3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgICMgTkI6IGludmFsaWQgZXhjbHVkZSB2YWx1ZXMgYXJlIGlnbm9yZWQsIHNpbmNlIHRoYXQncyB3aGF0IHBvc2l4IHNldHVwIGRvZXMKICAgIH0KICAgIGVsc2UgewogICAgICAgIGlmKCRncm91cGVkX3N1YnNldHMuQ29udGFpbnNLZXkoJGl0ZW0pKSB7CiAgICAgICAgICAgIFt2b2lkXSAkZXhwbGljaXRfc3Vic2V0LlVuaW9uV2l0aCgkZ3JvdXBlZF9zdWJzZXRzWyRpdGVtXSkKICAgICAgICB9CiAgICAgICAgZWxzZWlmKCRhbGxfc2V0LkNvbnRhaW5zKCRpdGVtKSkgewogICAgICAgICAgICBbdm9pZF0gJGV4cGxpY2l0X3N1YnNldC5BZGQoJGl0ZW0pCiAgICAgICAgfQogICAgICAgIGVsc2UgewogICAgICAgICAgICAjIE5COiBQT1NJWCBzZXR1cCBmYWlscyBvbiBpbnZhbGlkIHZhbHVlOyB3ZSB3YXJuLCBiZWNhdXNlIHdlIGRvbid0IGltcGxlbWVudCB0aGUgc2FtZSBzZXQgYXMgUE9TSVgKICAgICAgICAgICAgIyBhbmQgd2UgZG9uJ3QgaGF2ZSBwbGF0Zm9ybS1zcGVjaWZpYyBjb25maWcgZm9yIHRoaXMuLi4KICAgICAgICAgICAgQWRkLVdhcm5pbmcgJHJlc3VsdCAiaW52YWxpZCB2YWx1ZSAkaXRlbSBzcGVjaWZpZWQgaW4gZ2F0aGVyX3N1YnNldCIKICAgICAgICB9CiAgICB9Cn0KClt2b2lkXSAkZ2F0aGVyX3N1YnNldC5FeGNlcHRXaXRoKCRleGNsdWRlX3N1YnNldCkKW3ZvaWRdICRnYXRoZXJfc3Vic2V0LlVuaW9uV2l0aCgkZXhwbGljaXRfc3Vic2V0KQoKJGFuc2libGVfZmFjdHMgPSBAewogICAgZ2F0aGVyX3N1YnNldD1AKCRnYXRoZXJfc3Vic2V0X3NvdXJjZSkKICAgIG1vZHVsZV9zZXR1cD0kdHJ1ZQp9Cgokb3N2ZXJzaW9uID0gW0Vudmlyb25tZW50XTo6T1NWZXJzaW9uCgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnYWxsX2lwdjRfYWRkcmVzc2VzJykgLW9yICRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdhbGxfaXB2Nl9hZGRyZXNzZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAKICAgICMgVE9ETzogc3BsaXQgdjQvdjYgcHJvcGVybHksIHJldHVybiBpbiBzZXBhcmF0ZSBrZXlzCiAgICAkaXBzID0gQCgpCiAgICBGb3JlYWNoICgkaXAgaW4gJG5ldGNmZy5JUEFkZHJlc3MpIHsKICAgICAgICBJZiAoJGlwKSB7CiAgICAgICAgICAgICRpcHMgKz0gJGlwCiAgICAgICAgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pcF9hZGRyZXNzZXMgPSAkaXBzCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdiaW9zJykpIHsKICAgICR3aW4zMl9iaW9zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9CaW9zCiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYmlvc19kYXRlID0gJHdpbjMyX2Jpb3MuUmVsZWFzZURhdGUuVG9TdHJpbmcoIk1NL2RkL3l5eXkiKQogICAgICAgIGFuc2libGVfYmlvc192ZXJzaW9uID0gJHdpbjMyX2Jpb3MuU01CSU9TQklPU1ZlcnNpb24KICAgICAgICBhbnNpYmxlX3Byb2R1Y3RfbmFtZSA9ICR3aW4zMl9jcy5Nb2RlbC5UcmltKCkKICAgICAgICBhbnNpYmxlX3Byb2R1Y3Rfc2VyaWFsID0gJHdpbjMyX2Jpb3MuU2VyaWFsTnVtYmVyCiAgICAgICAgIyBhbnNpYmxlX3Byb2R1Y3RfdmVyc2lvbiA9IChbc3RyaW5nXSAkd2luMzJfY3MuU3lzdGVtRmFtaWx5KQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZGF0ZV90aW1lJykpIHsKICAgICRkYXRldGltZSA9IChHZXQtRGF0ZSkKICAgICRkYXRldGltZV91dGMgPSAkZGF0ZXRpbWUuVG9Vbml2ZXJzYWxUaW1lKCkKICAgICRkYXRlID0gQHsKICAgICAgICBkYXRlID0gJGRhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIikKICAgICAgICBkYXkgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoImRkIikKICAgICAgICBlcG9jaCA9IChHZXQtRGF0ZSAtVUZvcm1hdCAiJXMiKQogICAgICAgIGhvdXIgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIIikKICAgICAgICBpc284NjAxID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzc1oiKQogICAgICAgIGlzbzg2MDFfYmFzaWMgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXlNTWRkVEhIbW1zc2ZmZmZmZiIpCiAgICAgICAgaXNvODYwMV9iYXNpY19zaG9ydCA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eU1NZGRUSEhtbXNzIikKICAgICAgICBpc284NjAxX21pY3JvID0gJGRhdGV0aW1lX3V0Yy5Ub1N0cmluZygieXl5eS1NTS1kZFRISDptbTpzcy5mZmZmZmZaIikKICAgICAgICBtaW51dGUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIm1tIikKICAgICAgICBtb250aCA9ICRkYXRldGltZS5Ub1N0cmluZygiTU0iKQogICAgICAgIHNlY29uZCA9ICRkYXRldGltZS5Ub1N0cmluZygic3MiKQogICAgICAgIHRpbWUgPSAkZGF0ZXRpbWUuVG9TdHJpbmcoIkhIOm1tOnNzIikKICAgICAgICB0eiA9IChbU3lzdGVtLlRpbWVab25lSW5mb106OkxvY2FsLklkKQogICAgICAgIHR6X29mZnNldCA9ICRkYXRldGltZS5Ub1N0cmluZygienp6eiIpCiAgICAgICAgIyBFbnN1cmUgdGhhdCB0aGUgd2Vla2RheSBpcyBpbiBFbmdsaXNoCiAgICAgICAgd2Vla2RheSA9ICRkYXRldGltZS5Ub1N0cmluZygiZGRkZCIsIFtTeXN0ZW0uR2xvYmFsaXphdGlvbi5DdWx0dXJlSW5mb106OkludmFyaWFudEN1bHR1cmUpCiAgICAgICAgd2Vla2RheV9udW1iZXIgPSAoR2V0LURhdGUgLVVGb3JtYXQgIiV3IikKICAgICAgICB3ZWVrbnVtYmVyID0gKEdldC1EYXRlIC1VRm9ybWF0ICIlVyIpCiAgICAgICAgeWVhciA9ICRkYXRldGltZS5Ub1N0cmluZygieXl5eSIpCiAgICB9CgogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX2RhdGVfdGltZSA9ICRkYXRlCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdkaXN0cmlidXRpb24nKSkgewogICAgJHdpbjMyX29zID0gR2V0LUxhenlDaW1JbnN0YW5jZSBXaW4zMl9PcGVyYXRpbmdTeXN0ZW0KICAgICRwcm9kdWN0X3R5cGUgPSBzd2l0Y2goJHdpbjMyX29zLlByb2R1Y3RUeXBlKSB7CiAgICAgICAgMSB7ICJ3b3Jrc3RhdGlvbiIgfQogICAgICAgIDIgeyAiZG9tYWluX2NvbnRyb2xsZXIiIH0KICAgICAgICAzIHsgInNlcnZlciIgfQogICAgICAgIGRlZmF1bHQgeyAidW5rbm93biIgfQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9kaXN0cmlidXRpb24gPSAkd2luMzJfb3MuQ2FwdGlvbgogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfZGlzdHJpYnV0aW9uX21ham9yX3ZlcnNpb24gPSAkb3N2ZXJzaW9uLlZlcnNpb24uTWFqb3IuVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfb3NfZmFtaWx5ID0gIldpbmRvd3MiCiAgICAgICAgYW5zaWJsZV9vc19uYW1lID0gKCR3aW4zMl9vcy5OYW1lLlNwbGl0KCd8JylbMF0pLlRyaW0oKQogICAgICAgIGFuc2libGVfb3NfcHJvZHVjdF90eXBlID0gJHByb2R1Y3RfdHlwZQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygnZW52JykpIHsKICAgICRlbnZfdmFycyA9IEB7IH0KICAgIGZvcmVhY2ggKCRpdGVtIGluIEdldC1DaGlsZEl0ZW0gRW52OikgewogICAgICAgICRuYW1lID0gJGl0ZW0gfCBzZWxlY3QgLUV4cGFuZFByb3BlcnR5IE5hbWUKICAgICAgICAjIFBvd2Vyc2hlbGwgQ29udmVydFRvLUpzb24gZmFpbHMgaWYgc3RyaW5nIGVuZHMgd2l0aCBcCiAgICAgICAgJHZhbHVlID0gKCRpdGVtIHwgc2VsZWN0IC1FeHBhbmRQcm9wZXJ0eSBWYWx1ZSkuVHJpbUVuZCgiXCIpCiAgICAgICAgJGVudl92YXJzLkFkZCgkbmFtZSwgJHZhbHVlKQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9lbnYgPSAkZW52X3ZhcnMKICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ZhY3RlcicpKSB7CiAgICAjIFNlZSBpZiBGYWN0ZXIgaXMgb24gdGhlIFN5c3RlbSBQYXRoCiAgICBUcnkgewogICAgICAgICRmYWN0ZXJfZXhlID0gR2V0LUNvbW1hbmQgZmFjdGVyIC1FcnJvckFjdGlvbiBTdG9wCiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkdHJ1ZQogICAgfSBDYXRjaCB7CiAgICAgICAgJGZhY3Rlcl9pbnN0YWxsZWQgPSAkZmFsc2UKICAgIH0KCiAgICAjIEdldCBKU09OIGZyb20gRmFjdGVyLCBhbmQgcGFyc2UgaXQgb3V0LgogICAgaWYgKCRmYWN0ZXJfaW5zdGFsbGVkKSB7CiAgICAgICAgJmZhY3RlciAtaiB8IFRlZS1PYmplY3QgIC1WYXJpYWJsZSBmYWN0ZXJfb3V0cHV0IHwgT3V0LU51bGwKICAgICAgICAkZmFjdHMgPSAiJGZhY3Rlcl9vdXRwdXQiIHwgQ29udmVydEZyb20tSnNvbgogICAgICAgIEZvckVhY2goJGZhY3QgaW4gJGZhY3RzLlBTT2JqZWN0LlByb3BlcnRpZXMpIHsKICAgICAgICAgICAgJGZhY3RfbmFtZSA9ICRmYWN0Lk5hbWUKICAgICAgICAgICAgJGFuc2libGVfZmFjdHMuQWRkKCJmYWN0ZXJfJGZhY3RfbmFtZSIsICRmYWN0LlZhbHVlKQogICAgICAgIH0KICAgIH0KfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ2ludGVyZmFjZXMnKSkgewogICAgJG5ldGNmZyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfTmV0d29ya0FkYXB0ZXJDb25maWd1cmF0aW9uCiAgICAkQWN0aXZlTmV0Y2ZnID0gQCgpCiAgICAkQWN0aXZlTmV0Y2ZnICs9ICRuZXRjZmcgfCB3aGVyZSB7JF8uaXBhZGRyZXNzIC1uZSAkbnVsbH0KCiAgICAkbmFtZXNwYWNlcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgX19OYW1lc3BhY2UgLW5hbWVzcGFjZSByb290CiAgICBpZiAoJG5hbWVzcGFjZXMgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAiU3RhbmRhcmRDaW12IiB9KSB7CiAgICAgICAgJG5ldF9hZGFwdGVycyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgTVNGVF9OZXRBZGFwdGVyIC1uYW1lc3BhY2UgUm9vdFxTdGFuZGFyZENpbXYyCiAgICAgICAgJGd1aWRfa2V5ID0gIkludGVyZmFjZUdVSUQiCiAgICAgICAgJG5hbWVfa2V5ID0gIk5hbWUiCiAgICB9IGVsc2UgewogICAgICAgICRuZXRfYWRhcHRlcnMgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX05ldHdvcmtBZGFwdGVyICAgICAgICAKICAgICAgICAkZ3VpZF9rZXkgPSAiR1VJRCIKICAgICAgICAkbmFtZV9rZXkgPSAiTmV0Q29ubmVjdGlvbklEIgogICAgfQoKICAgICRmb3JtYXR0ZWRuZXRjZmcgPSBAKCkKICAgIGZvcmVhY2ggKCRhZGFwdGVyIGluICRBY3RpdmVOZXRjZmcpCiAgICB7CiAgICAgICAgJHRoaXNhZGFwdGVyID0gQHsKICAgICAgICAgICAgZGVmYXVsdF9nYXRld2F5ID0gJG51bGwKICAgICAgICAgICAgY29ubmVjdGlvbl9uYW1lID0gJG51bGwKICAgICAgICAgICAgZG5zX2RvbWFpbiA9ICRhZGFwdGVyLmRuc2RvbWFpbgogICAgICAgICAgICBpbnRlcmZhY2VfaW5kZXggPSAkYWRhcHRlci5JbnRlcmZhY2VJbmRleAogICAgICAgICAgICBpbnRlcmZhY2VfbmFtZSA9ICRhZGFwdGVyLmRlc2NyaXB0aW9uCiAgICAgICAgICAgIG1hY2FkZHJlc3MgPSAkYWRhcHRlci5tYWNhZGRyZXNzCiAgICAgICAgfQoKICAgICAgICBpZiAoJGFkYXB0ZXIuZGVmYXVsdElQR2F0ZXdheSkKICAgICAgICB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5kZWZhdWx0X2dhdGV3YXkgPSAkYWRhcHRlci5EZWZhdWx0SVBHYXRld2F5WzBdLlRvU3RyaW5nKCkKICAgICAgICB9CiAgICAgICAgJG5ldF9hZGFwdGVyID0gJG5ldF9hZGFwdGVycyB8IFdoZXJlLU9iamVjdCB7ICRfLiRndWlkX2tleSAtZXEgJGFkYXB0ZXIuU2V0dGluZ0lEIH0KICAgICAgICBpZiAoJG5ldF9hZGFwdGVyKSB7CiAgICAgICAgICAgICR0aGlzYWRhcHRlci5jb25uZWN0aW9uX25hbWUgPSAkbmV0X2FkYXB0ZXIuJG5hbWVfa2V5CiAgICAgICAgfQoKICAgICAgICAkZm9ybWF0dGVkbmV0Y2ZnICs9ICR0aGlzYWRhcHRlcgogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9pbnRlcmZhY2VzID0gJGZvcm1hdHRlZG5ldGNmZwogICAgfQp9CgppZiAoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoImxvY2FsIikgLWFuZCAkZmFjdHBhdGggLW5lICRudWxsKSB7CiAgICAjIEdldCBhbnkgY3VzdG9tIGZhY3RzOyByZXN1bHRzIGFyZSB1cGRhdGVkIGluIHRoZQogICAgR2V0LUN1c3RvbUZhY3RzIC1mYWN0cGF0aCAkZmFjdHBhdGgKfQoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ21lbW9yeScpKSB7CiAgICAkd2luMzJfY3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX0NvbXB1dGVyU3lzdGVtCiAgICAkd2luMzJfb3MgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX09wZXJhdGluZ1N5c3RlbQogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICAjIFdpbjMyX1BoeXNpY2FsTWVtb3J5IGlzIGVtcHR5IG9uIHNvbWUgdmlydHVhbCBwbGF0Zm9ybXMKICAgICAgICBhbnNpYmxlX21lbXRvdGFsX21iID0gKFttYXRoXTo6cm91bmQoJHdpbjMyX2NzLlRvdGFsUGh5c2ljYWxNZW1vcnkgLyAxMDI0IC8gMTAyNCkpCiAgICAgICAgYW5zaWJsZV9zd2FwdG90YWxfbWIgPSAoW21hdGhdOjpyb3VuZCgkd2luMzJfb3MuVG90YWxTd2FwU3BhY2VTaXplIC8gMTAyNCAvIDEwMjQpKQogICAgfQp9CgoKaWYoJGdhdGhlcl9zdWJzZXQuQ29udGFpbnMoJ3BsYXRmb3JtJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9vcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfT3BlcmF0aW5nU3lzdGVtCiAgICAkaXBfcHJvcHMgPSBbU3lzdGVtLk5ldC5OZXR3b3JrSW5mb3JtYXRpb24uSVBHbG9iYWxQcm9wZXJ0aWVzXTo6R2V0SVBHbG9iYWxQcm9wZXJ0aWVzKCkKCiAgICAkYW5zaWJsZV9mYWN0cyArPSBAewogICAgICAgIGFuc2libGVfYXJjaGl0ZWN0dXJlID0gJHdpbjMyX29zLk9TQXJjaGl0ZWN0dXJlCiAgICAgICAgYW5zaWJsZV9kb21haW4gPSAkaXBfcHJvcHMuRG9tYWluTmFtZQogICAgICAgIGFuc2libGVfZnFkbiA9ICgkaXBfcHJvcHMuSG9zdG5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX2hvc3RuYW1lID0gJGVudjpDT01QVVRFUk5BTUUKICAgICAgICBhbnNpYmxlX2tlcm5lbCA9ICRvc3ZlcnNpb24uVmVyc2lvbi5Ub1N0cmluZygpCiAgICAgICAgYW5zaWJsZV9ub2RlbmFtZSA9ICgkaXBfcHJvcHMuSG9zdE5hbWUgKyAiLiIgKyAkaXBfcHJvcHMuRG9tYWluTmFtZSkKICAgICAgICBhbnNpYmxlX21hY2hpbmVfaWQgPSBHZXQtTWFjaGluZVNpZAogICAgICAgIGFuc2libGVfb3duZXJfY29udGFjdCA9IChbc3RyaW5nXSAkd2luMzJfY3MuUHJpbWFyeU93bmVyQ29udGFjdCkKICAgICAgICBhbnNpYmxlX293bmVyX25hbWUgPSAoW3N0cmluZ10gJHdpbjMyX2NzLlByaW1hcnlPd25lck5hbWUpCiAgICAgICAgIyBGVVRVUkU6IHNob3VsZCB0aGlzIGxpdmUgaW4gaXRzIG93biBzdWJzZXQ/CiAgICAgICAgYW5zaWJsZV9yZWJvb3RfcGVuZGluZyA9IChHZXQtUGVuZGluZ1JlYm9vdFN0YXR1cykKICAgICAgICBhbnNpYmxlX3N5c3RlbSA9ICRvc3ZlcnNpb24uUGxhdGZvcm0uVG9TdHJpbmcoKQogICAgICAgIGFuc2libGVfc3lzdGVtX2Rlc2NyaXB0aW9uID0gKFtzdHJpbmddICR3aW4zMl9vcy5EZXNjcmlwdGlvbikKICAgICAgICBhbnNpYmxlX3N5c3RlbV92ZW5kb3IgPSAkd2luMzJfY3MuTWFudWZhY3R1cmVyCiAgICB9Cn0KCmlmKCRnYXRoZXJfc3Vic2V0LkNvbnRhaW5zKCdwb3dlcnNoZWxsX3ZlcnNpb24nKSkgewogICAgJGFuc2libGVfZmFjdHMgKz0gQHsKICAgICAgICBhbnNpYmxlX3Bvd2Vyc2hlbGxfdmVyc2lvbiA9ICgkUFNWZXJzaW9uVGFibGUuUFNWZXJzaW9uLk1ham9yKQogICAgfQp9CgppZigkZ2F0aGVyX3N1YnNldC5Db250YWlucygncHJvY2Vzc29yJykpIHsKICAgICR3aW4zMl9jcyA9IEdldC1MYXp5Q2ltSW5zdGFuY2UgV2luMzJfQ29tcHV0ZXJTeXN0ZW0KICAgICR3aW4zMl9jcHUgPSBHZXQtTGF6eUNpbUluc3RhbmNlIFdpbjMyX1Byb2Nlc3NvcgogICAgaWYgKCR3aW4zMl9jcHUgLWlzIFthcnJheV0pIHsKICAgICAgICAjIG11bHRpLXNvY2tldCwgcGljayBmaXJzdAogICAgICAgICR3aW4zMl9jcHUgPSAkd2luMzJfY3B1WzBdCiAgICB9CgogICAgJGNwdV9saXN0ID0gQCggKQogICAgZm9yICgkaT0xOyAkaSAtbGUgKCR3aW4zMl9jcHUuTnVtYmVyT2ZMb2dpY2FsUHJvY2Vzc29ycyAvICR3aW4zMl9jcy5OdW1iZXJPZlByb2Nlc3NvcnMpOyAkaSsrKSB7CiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTWFudWZhY3R1cmVyCiAgICAgICAgJGNwdV9saXN0ICs9ICR3aW4zMl9jcHUuTmFtZQogICAgfQoKICAgICRhbnNpYmxlX2ZhY3RzICs9IEB7CiAgICAgICAgYW5zaWJsZV9wcm9jZXNzb3IgPSAkY3B1X2xpc3QKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl9jb3JlcyA9ICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX2NvdW50ID0gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycwogICAgICAgIGFuc2libGVfcHJvY2Vzc29yX3RocmVhZHNfcGVyX2NvcmUgPSAoJHdpbjMyX2NwdS5OdW1iZXJPZkxvZ2ljYWxQcm9jZXNzb3JzIC8gJHdpbjMyX2NzLk51bWJlck9mUHJvY2Vzc29ycyAvICR3aW4zMl9jcHUuTnVtYmVyT2ZDb3JlcykKICAgICAgICBhbnNpYmxlX3Byb2Nlc3Nvcl92Y3B1cyA9ICgkd2luMzJfY3B1Lk51bWJlck9 ScriptBlock ID: 7b9a0f89-eae4-4735-80ff-efb5e8d69602 Path:	4104	1		3	2	15	0	1463	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4676	2296	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:16 PM	1909dffc-a75a-0002-65ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): ICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTgsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCkZ1bmN0aW9uIEdldC1DdXN0b21GYWN0cyB7CiAgW2NtZGxldEJpbmRpbmcoKV0KICBwYXJhbSAoCiAgICBbUGFyYW1ldGVyKG1hbmRhdG9yeT0kZmFsc2UpXQogICAgJGZhY3RwYXRoID0gJG51bGwKICApCgogIGlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGZhY3RwYXRoKSkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBwYXRoICRmYWN0cGF0aCBkb2VzIG5vdCBleGlzdC4gVHlwbz8iCiAgfQoKICAkRmFjdHNGaWxlcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJGZhY3RwYXRoIHwgV2hlcmUtT2JqZWN0IC1GaWx0ZXJTY3JpcHQgeygkUFNJdGVtLlBTSXNDb250YWluZXIgLWVxICRmYWxzZSkgLWFuZCAoJFBTSXRlbS5FeHRlbnNpb24gLWVxICcucHMxJyl9CgogIGZvcmVhY2ggKCRGYWN0c0ZpbGUgaW4gJEZhY3RzRmlsZXMpIHsKICAgICAgJG91dCA9ICYgJCgkRmFjdHNGaWxlLkZ1bGxOYW1lKQogICAgICAkcmVzdWx0LmFuc2libGVfZmFjdHMuQWRkKCJhbnNpYmxlXyQoKCRGYWN0c0ZpbGUuTmFtZSkuU3BsaXQoJy4nKVswXSkiLCAkb3V0KQogIH0KfQoKRnVuY3Rpb24gR2V0LU1hY2hpbmVTaWQgewogICAgIyBUaGUgTWFjaGluZSBTSUQgaXMgc3RvcmVkIGluIEhLTE06XFNFQ1VSSVRZXFNBTVxEb21haW5zXEFjY291bnQgYW5kIGlzCiAgICAjIG9ubHkgYWNjZXNzaWJsZSBieSB0aGUgTG9jYWwgU3lzdGVtIGFjY291bnQuIFRoaXMgbWV0aG9kIGdldCdzIHRoZSBsb2NhbAogICAgIyBhZG1pbiBhY2NvdW50IChlbmRzIHdpdGggLTUwMCkgYW5kIGxvcHMgaXQgb2ZmIHRvIGdldCB0aGUgbWFjaGluZSBzaWQuCgogICAgJGFkbWluc19zaWQgPSAiUy0xLTUtMzItNTQ0IgogICAgJGFkbWluX2dyb3VwID0gKFtTZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyXSRhZG1pbnNfc2lkKS5UcmFuc2xhdGUoW1NlY3VyaXR5LlByaW5jaXBhbC5OVEFjY291bnRdKS5WYWx1ZSAKCiAgICBBZGQtVHlwZSAtQXNzZW1ibHlOYW1lIFN5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudAogICAgJHByaW5jaXBhbF9jb250ZXh0ID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbENvbnRleHQoW1N5c3RlbS5EaXJlY3RvcnlTZXJ2aWNlcy5BY2NvdW50TWFuYWdlbWVudC5Db250ZXh0VHlwZV06Ok1hY2hpbmUpCiAgICAkZ3JvdXBfcHJpbmNpcGFsID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50Lkdyb3VwUHJpbmNpcGFsKCRwcmluY2lwYWxfY29udGV4dCwgJGFkbWluX2dyb3VwKQogICAgJHNlYXJjaGVyID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLkRpcmVjdG9yeVNlcnZpY2VzLkFjY291bnRNYW5hZ2VtZW50LlByaW5jaXBhbFNlYXJjaGVyKCRncm91cF9wcmluY2lwYWwpCiAgICAkZ3JvdXBzID0gJHNlYXJjaGVyLkZpbmRPbmUoKQoKICAgICRtYWNoaW5lX3NpZCA9ICRudWxsCiAgICBmb3JlYWNoICgkdXNlciBpbiAkZ3JvdXBzLk1lbWJlcnMpIHsKICAgICAgICAkdXNlcl9zaWQgPSAkdXNlci5TaWQKICAgICAgICBpZiAoJHVzZXJfc2lkLlZhbHVlLkVuZHNXaXRoKCItNTAwIikpIHsKICAgICAgICAgICAgJG1hY2hpbmVfc2lkID0gJHVzZXJfc2lkLkFjY291bnREb21haW5TaWQuVmFsdWUKICAgICAgICAgICAgYnJlYWsKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICRtYWNoaW5lX3NpZAp9CgokY2ltX2luc3RhbmNlcyA9IEB7fQoKRnVuY3Rpb24gR2V0LUxhenlDaW1JbnN0YW5jZShbc3RyaW5nXSRpbnN0YW5jZV9uYW1lLCBbc3RyaW5nXSRuYW1lc3BhY2U9IlJvb3RcQ0lNVjIiKSB7CiAgICBpZigtbm90ICRjaW1faW5zdGFuY2VzLkNvbnRhaW5zS2V5KCRpbnN0YW5jZV9uYW1lKSkgewogICAgICAgICRjaW1faW5zdGFuY2VzWyRpbnN0YW5jZV9uYW1lXSA9ICQoR2V0LUNpbUluc3RhbmNlIC1OYW1lc3BhY2UgJG5hbWVzcGFjZSAtQ2xhc3NOYW1lICRpbnN0YW5jZV9uYW1lKQogICAgfQoKICAgIHJldHVybiAkY2ltX2luc3RhbmNlc1skaW5zdGFuY2VfbmFtZV0KfQoKJHJlc3VsdCA9IEB7CiAgICBhbnNpYmxlX2ZhY3RzID0gQHsgfQogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgokZ3JvdXBlZF9zdWJzZXRzID0gQHsKICAgIG1pbj1bU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuTGlzdFtzdHJpbmddXUAoJ2RhdGVfdGltZScsJ2Rpc3RyaWJ1dGlvbicsJ2RucycsJ2VudicsJ2xvY2FsJywncGxhdGZvcm0nLCdwb3dlcnNoZWxsX3ZlcnNpb24nLCd1c2VyJykKICAgIG5ldHdvcms9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdhbGxfaXB2NF9hZGRyZXNzZXMnLCdhbGxfaXB2Nl9hZGRyZXNzZXMnLCdpbnRlcmZhY2VzJywnd2luZG93c19kb21haW4nLCAnd2lucm0nKQogICAgaGFyZHdhcmU9W1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkxpc3Rbc3RyaW5nXV1AKCdiaW9zJywnbWVtb3J5JywncHJvY2Vzc29yJywndXB0aW1lJykKICAgIGV4dGVybmFsPVtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dQCgnZmFjdGVyJykKfQoKIyBidWlsZCAiYWxsIiBzZXQgZnJvbSBldmVyeXRoaW5nIG1lbnRpb25lZCBpbiB0aGUgZ3JvdXAtIHRoaXMgbWVhbnMgZXZlcnkgdmFsdWUgbXVzdCBiZSBpbiBhdCBsZWFzdCBvbmUgc3Vic2V0IHRvIGJlIGNvbnNpZGVyZWQgbGVnYWwKJGFsbF9zZXQgPSBbU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuSGFzaFNldFtzdHJpbmddXUAoKQoKZm9yZWFjaCgka3YgaW4gJGdyb3VwZWRfc3Vic2V0cy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgIFt2b2lkXSAkYWxsX3NldC5VbmlvbldpdGgoJGt2LlZhbHVlKQp9CgojIGR5bmFtaWNhbGx5IGNyZWF0ZSBhbiAiYWxsIiBzdWJzZXQgbm93IHRoYXQgd2Uga25vdyB3aGF0IHNob3VsZCBiZSBpbiBpdAokZ3JvdXBlZF9zdWJzZXRzWydhbGwnXSA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5MaXN0W3N0cmluZ11dJGFsbF9zZXQKCiMgc3RhcnQgd2l0aCBhbGwsIGJ1aWxkIHVwIGdhdGhlciBhbmQgZXhjbHVkZSBzdWJzZXRzCiRnYXRoZXJfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV0kZ3JvdXBlZF9zdWJzZXRzLmFsbAokZXhwbGljaXRfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKJGV4Y2x1ZGVfc3Vic2V0ID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkhhc2hTZXRbc3RyaW5nXV1AKCkKCiRwYXJhbXMgPSB ScriptBlock ID: 7b9a0f89-eae4-4735-80ff-efb5e8d69602 Path:	4104	1		3	2	15	0	1462	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4676	2296	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:16 PM	1909dffc-a75a-0002-65ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsK ScriptBlock ID: 7b9a0f89-eae4-4735-80ff-efb5e8d69602 Path:	4104	1		3	2	15	0	1461	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4676	2296	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:16 PM	1909dffc-a75a-0002-65ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1460	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4676	4592	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:16 PM	1909dffc-a75a-0005-790b-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4676 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1459	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4676	4020	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:16 PM	1909dffc-a75a-0005-790b-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1458	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4676	4592	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:53:16 PM	1909dffc-a75a-0005-790b-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: a10b4a9f-d2b7-4427-a6a5-59953dcd991e Path:	4104	1		3	2	15	0	1457	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3832	1892	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:56 PM	1909dffc-a75a-0001-a3ef-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 170e8a68-dce2-4de2-91f4-71cc7de0344a Path:	4104	1		3	2	15	0	1456	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3832	1892	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:56 PM	1909dffc-a75a-0000-5ff0-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): NoYW5nZV9hcmd1bWVudHMgPSBAewogICAgICAgICAgICBTdGFydE5hbWUgPSAkdXNlcm5hbWUKICAgICAgICAgICAgU3RhcnRQYXNzd29yZCA9ICRwYXNzd29yZAogICAgICAgICAgICBEZXNrdG9wSW50ZXJhY3QgPSAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QKICAgICAgICB9CiAgICAgICAgIyBuZWVkIHRvIGRpc2FibGUgZGVza3RvcCBpbnRlcmFjdCB3aGVuIG5vdCB1c2luZyB0aGUgU1lTVEVNIGFjY291bnQKICAgICAgICBpZiAoJHVzZXJuYW1lX3NpZCAtbmUgIlMtMS01LTE4IikgewogICAgICAgICAgICAkY2hhbmdlX2FyZ3VtZW50cy5EZXNrdG9wSW50ZXJhY3QgPSAkZmFsc2UKICAgICAgICB9CgogICAgICAgICNXTUkuQ2hhbmdlIGRvZXNuJ3Qgc3VwcG9ydCAtV2hhdElmLCBjYW5ub3QgZnVsbHkgdGVzdCB3aXRoIGNoZWNrX21vZGUKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzICRjaGFuZ2VfYXJndW1lbnRzCiAgICAgICAgICAgIGlmICgkcmV0dXJuLlJldHVyblZhbHVlIC1uZSAwKSB7CiAgICAgICAgICAgICAgICAkZXJyb3JfbXNnID0gR2V0LVdtaUVycm9yTWVzc2FnZSAtcmV0dXJuX3ZhbHVlICRyZXN1bHQuUmV0dXJuVmFsdWUKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBhY2NvdW50IHRvICQoJHVzZXJuYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9ICAgICAgICAKCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXNrdG9wSW50ZXJhY3QoJHdtaV9zdmMsICRkZXNrdG9wX2ludGVyYWN0KSB7CiAgICBpZiAoJHJlc3VsdC5kZXNrdG9wX2ludGVyYWN0IC1uZSAkZGVza3RvcF9pbnRlcmFjdCkgewogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICRyZXR1cm4gPSAkd21pX3N2YyB8IEludm9rZS1DaW1NZXRob2QgLU1ldGhvZE5hbWUgQ2hhbmdlIC1Bcmd1bWVudHMgQHtEZXNrdG9wSW50ZXJhY3QgPSAkZGVza3RvcF9pbnRlcmFjdH0KICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIHNldCBkZXNrdG9wIGludGVyYWN0ICQoJGRlc2t0b3BfaW50ZXJhY3QpOiAkKCRyZXR1cm4uUmV0dXJuVmFsdWUpIC0gJGVycm9yX21zZyIKICAgICAgICAgICAgfQogICAgICAgIH0KCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSgkc3ZjLCAkZGlzcGxheV9uYW1lKSB7CiAgICBpZiAoJHJlc3VsdC5kaXNwbGF5X25hbWUgLW5lICRkaXNwbGF5X25hbWUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLURpc3BsYXlOYW1lICRkaXNwbGF5X25hbWUgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZURlc2NyaXB0aW9uKCRzdmMsICRkZXNjcmlwdGlvbikgewogICAgaWYgKCRyZXN1bHQuZGVzY3JpcHRpb24gLW5lICRkZXNjcmlwdGlvbikgewogICAgICAgIHRyeSB7CiAgICAgICAgICAgICRzdmMgfCBTZXQtU2VydmljZSAtRGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VQYXRoKCRuYW1lLCAkcGF0aCkgewogICAgaWYgKCRyZXN1bHQucGF0aCAtbmUgJHBhdGgpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICBTZXQtSXRlbVByb3BlcnR5IC1MaXRlcmFsUGF0aCAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIiAtTmFtZSBJbWFnZVBhdGggLVZhbHVlICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VEZXBlbmRlbmNpZXMoJHdtaV9zdmMsICRkZXBlbmRlbmN5X2FjdGlvbiwgJGRlcGVuZGVuY2llcykgewogICAgJGV4aXN0aW5nX2RlcGVuZGVuY2llcyA9ICRyZXN1bHQuZGVwZW5kZW5jaWVzCiAgICBbU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdF0kbmV3X2RlcGVuZGVuY2llcyA9IEAoKQoKICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdzZXQnKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGRlcGVuZGVuY2llcykgewogICAgICAgICAgICAkbmV3X2RlcGVuZGVuY2llcy5BZGQoJGRlcGVuZGVuY3kpCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkbmV3X2RlcGVuZGVuY2llcyA9ICRleGlzdGluZ19kZXBlbmRlbmNpZXMKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgICAgIGlmICgkZGVwZW5kZW5jeV9hY3Rpb24gLWVxICdyZW1vdmUnKSB7CiAgICAgICAgICAgICAgICBpZiAoJG5ld19kZXBlbmRlbmNpZXMgLWNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICAgICAgICAgJG5ld19kZXBlbmRlbmNpZXMuUmVtb3ZlKCRkZXBlbmRlbmN5KQogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9IGVsc2VpZiAoJGRlcGVuZGVuY3lfYWN0aW9uIC1lcSAnYWRkJykgewogICAgICAgICAgICAgICAgaWYgKCRuZXdfZGVwZW5kZW5jaWVzIC1ub3Rjb250YWlucyAkZGVwZW5kZW5jeSkgewogICAgICAgICAgICAgICAgICAgICRuZXdfZGVwZW5kZW5jaWVzLkFkZCgkZGVwZW5kZW5jeSkKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KCiAgICAkd2lsbF9jaGFuZ2UgPSAkZmFsc2UKICAgIGZvcmVhY2ggKCRkZXBlbmRlbmN5IGluICRuZXdfZGVwZW5kZW5jaWVzKSB7CiAgICAgICAgaWYgKCRleGlzdGluZ19kZXBlbmRlbmNpZXMgLW5vdGNvbnRhaW5zICRkZXBlbmRlbmN5KSB7CiAgICAgICAgICAgICR3aWxsX2NoYW5nZSA9ICR0cnVlCiAgICAgICAgfQogICAgfQogICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJGV4aXN0aW5nX2RlcGVuZGVuY2llcykgewogICAgICAgIGlmICgkbmV3X2RlcGVuZGVuY2llcyAtbm90Y29udGFpbnMgJGRlcGVuZGVuY3kpIHsKICAgICAgICAgICAgJHdpbGxfY2hhbmdlID0gJHRydWUKICAgICAgICB9CiAgICB9CgogICAgaWYgKCR3aWxsX2NoYW5nZSAtZXEgJHRydWUpIHsKICAgICAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSkgewogICAgICAgICAgICAkcmV0dXJuID0gJHdtaV9zdmMgfCBJbnZva2UtQ2ltTWV0aG9kIC1NZXRob2ROYW1lIENoYW5nZSAtQXJndW1lbnRzIEB7U2VydmljZURlcGVuZGVuY2llcyA9ICRuZXdfZGVwZW5kZW5jaWVzfQogICAgICAgICAgICBpZiAoJHJldHVybi5SZXR1cm5WYWx1ZSAtbmUgMCkgewogICAgICAgICAgICAgICAgJGVycm9yX21zZyA9IEdldC1XbWlFcnJvck1lc3NhZ2UgLXJldHVybl92YWx1ZSAkcmV0dXJuLlJldHVyblZhbHVlCiAgICAgICAgICAgICAgICAkZGVwX3N0cmluZyA9ICRuZXdfZGVwZW5kZW5jaWVzIC1qb2luICIsICIKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkZhaWxlZCB0byBzZXQgc2VydmljZSBkZXBlbmRlbmNpZXMgJCgkZGVwX3N0cmluZyk6ICQoJHJldHVybi5SZXR1cm5WYWx1ZSkgLSAkZXJyb3JfbXNnIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIFNldC1TZXJ2aWNlU3RhdGUoJHN2YywgJHdtaV9zdmMsICRzdGF0ZSkgewogICAgaWYgKCRzdGF0ZSAtZXEgInN0YXJ0ZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInJ1bm5pbmciKSB7CiAgICAgICAgaWYgKCRyZXN1bHQuc3RhdGUgLWVxICJwYXVzZWQiKSB7CiAgICAgICAgICAgIHRyeSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgUmVzdW1lLVNlcnZpY2UgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJmYWlsZWQgdG8gc3RhcnQgc2VydmljZSBmcm9tIHBhdXNlZCBzdGF0ZSAkKCRzdmMuTmFtZSk6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgdHJ5IHsKICAgICAgICAgICAgICAgICRzdmMgfCBTdGFydC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInN0b3BwZWQiIC1hbmQgJHJlc3VsdC5zdGF0ZSAtbmUgInN0b3BwZWQiKSB7CiAgICAgICAgdHJ5IHsKICAgICAgICAgICAgJHN2YyB8IFN0b3AtU2VydmljZSAtRm9yY2U6JGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICRfLkV4Y2VwdGlvbi5NZXNzYWdlCiAgICAgICAgfQogICAgICAgIAogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgInJlc3RhcnRlZCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgUmVzdGFydC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KCiAgICBpZiAoJHN0YXRlIC1lcSAicGF1c2VkIiAtYW5kICRyZXN1bHQuc3RhdGUgLW5lICJwYXVzZWQiKSB7CiAgICAgICAgIyBjaGVjayB0aGF0IHdlIGNhbiBhY3R1YWxseSBwYXVzZSB0aGUgc2VydmljZQogICAgICAgIGlmICgkcmVzdWx0LmNhbl9wYXVzZV9hbmRfY29udGludWUgLWVxICRmYWxzZSkgewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAiZmFpbGVkIHRvIHBhdXNlIHNlcnZpY2UgJCgkc3ZjLk5hbWUpOiBUaGUgc2VydmljZSBkb2VzIG5vdCBzdXBwb3J0IHBhdXNpbmciCiAgICAgICAgfQoKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3VzcGVuZC1TZXJ2aWNlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgImZhaWxlZCB0byBwYXVzZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkiCiAgICAgICAgfQogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgaWYgKCRzdGF0ZSAtZXEgImFic2VudCIpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkc3ZjIHwgU3RvcC1TZXJ2aWNlIC1Gb3JjZTokZm9yY2VfZGVwZW5kZW50X3NlcnZpY2VzIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICB9IGNhdGNoIHsKICAgICAgICAgICAgRmFpbC1Kc29uICRyZXN1bHQgJF8uRXhjZXB0aW9uLk1lc3NhZ2UKICAgICAgICB9CiAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgJHJldHVybiA9ICR3bWlfc3ZjIHwgSW52b2tlLUNpbU1ldGhvZCAtTWV0aG9kTmFtZSBEZWxldGUKICAgICAgICAgICAgaWYgKCRyZXR1cm4uUmV0dXJuVmFsdWUgLW5lIDApIHsKICAgICAgICAgICAgICAgICRlcnJvcl9tc2cgPSBHZXQtV21pRXJyb3JNZXNzYWdlIC1yZXR1cm5fdmFsdWUgJHJldHVybi5SZXR1cm5WYWx1ZQogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRmFpbGVkIHRvIGRlbGV0ZSBzZXJ2aWNlICQoJHN2Yy5OYW1lKTogJCgkcmV0dXJuLlJldHVyblZhbHVlKSAtICRlcnJvcl9tc2ciCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgCiAgICAgICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKICAgIH0KfQoKRnVuY3Rpb24gU2V0LVNlcnZpY2VDb25maWd1cmF0aW9uKCRzdmMpIHsKICAgICR3bWlfc3ZjID0gR2V0LUNpbUluc3RhbmNlIC1DbGFzc05hbWUgV2luMzJfU2VydmljZSAtRmlsdGVyICJuYW1lPSckKCRzdmMuTmFtZSknIgogICAgR2V0LVNlcnZpY2VJbmZvIC1uYW1lICRzdmMuTmFtZQogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1lcSAkdHJ1ZSAtYW5kICgtbm90ICgkcmVzdWx0LnVzZXJuYW1lIC1lcSAnTG9jYWxTeXN0ZW0nIC1vciAkdXNlcm5hbWUgLWVxICdMb2NhbFN5c3RlbScpKSkgewogICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgZGVza3RvcF9pbnRlcmFjdCB0byB0cnVlIHdoZW4gc2VydmljZSBpcyBydW4gd2l0aC9vciAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgogICAgfQoKICAgIGlmICgkc3RhcnRfbW9kZSAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZVN0YXJ0TW9kZSAtc3ZjICRzdmMgLXN0YXJ0X21vZGUgJHN0YXJ0X21vZGUKICAgIH0KCiAgICBpZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlQWNjb3VudCAtd21pX3N2YyAkd21pX3N2YyAtdXNlcm5hbWVfc2lkICR1c2VybmFtZV9zaWQgLXVzZXJuYW1lICR1c2VybmFtZSAtcGFzc3dvcmQgJHBhc3N3b3JkCiAgICB9CgogICAgaWYgKCRkaXNwbGF5X25hbWUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VEaXNwbGF5TmFtZSAtc3ZjICRzdmMgLWRpc3BsYXlfbmFtZSAkZGlzcGxheV9uYW1lCiAgICB9CgogICAgaWYgKCRkZXNrdG9wX2ludGVyYWN0IC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlRGVza3RvcEludGVyYWN0IC13bWlfc3ZjICR3bWlfc3ZjIC1kZXNrdG9wX2ludGVyYWN0ICRkZXNrdG9wX2ludGVyYWN0CiAgICB9CgogICAgaWYgKCRkZXNjcmlwdGlvbiAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlc2NyaXB0aW9uIC1zdmMgJHN2YyAtZGVzY3JpcHRpb24gJGRlc2NyaXB0aW9uCiAgICB9CgogICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgIFNldC1TZXJ2aWNlUGF0aCAtbmFtZSAkc3ZjLk5hbWUgLXBhdGggJHBhdGgKICAgIH0KCiAgICBpZiAoJGRlcGVuZGVuY2llcyAtbmUgJG51bGwpIHsKICAgICAgICBTZXQtU2VydmljZURlcGVuZGVuY2llcyAtd21pX3N2YyAkd21pX3N2YyAtZGVwZW5kZW5jeV9hY3Rpb24gJGRlcGVuZGVuY3lfYWN0aW9uIC1kZXBlbmRlbmNpZXMgJGRlcGVuZGVuY2llcwogICAgfQoKICAgIGlmICgkc3RhdGUgLW5lICRudWxsKSB7CiAgICAgICAgU2V0LVNlcnZpY2VTdGF0ZSAtc3ZjICRzdmMgLXdtaV9zdmMgJHdtaV9zdmMgLXN0YXRlICRzdGF0ZQogICAgfQp9CgojIG5lZWQgdG8gdXNlIFdoZXJlLU9iamVjdCBhcyAtTmFtZSBkb2Vzbid0IHdvcmsgd2l0aCBbXSBpbiB0aGUgc2VydmljZSBuYW1lCiMgaHR0cHM6Ly9naXRodWIuY29tL2Fuc2libGUvYW5zaWJsZS9pc3N1ZXMvMzc2MjEKJHN2YyA9IEdldC1TZXJ2aWNlIHwgV2hlcmUtT2JqZWN0IHsgJF8uTmFtZSAtZXEgJG5hbWUgLW9yICRfLkRpc3BsYXlOYW1lIC1lcSAkbmFtZSB9CmlmICgkc3ZjKSB7CiAgICBTZXQtU2VydmljZUNvbmZpZ3VyYXRpb24gLXN2YyAkc3ZjCn0gZWxzZSB7CiAgICAkcmVzdWx0LmV4aXN0cyA9ICRmYWxzZQogICAgaWYgKCRzdGF0ZSAtbmUgJ2Fic2VudCcpIHsKICAgICAgICAjIENoZWNrIGlmIHBhdGggaXMgZGVmaW5lZCwgaWYgc28gY3JlYXRlIHRoZSBzZXJ2aWNlCiAgICAgICAgaWYgKCRwYXRoIC1uZSAkbnVsbCkgewogICAgICAgICAgICB0cnkgewogICAgICAgICAgICAgICAgTmV3LVNlcnZpY2UgLU5hbWUgJG5hbWUgLUJpbmFyeVBhdGhuYW1lICRwYXRoIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfSBjYXRjaCB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCgogICAgICAgICAgICAkc3ZjID0gR2V0LVNlcnZpY2UgfCBXaGVyZS1PYmplY3QgeyAkXy5OYW1lIC1lcSAkbmFtZSB9CiAgICAgICAgICAgIFNldC1TZXJ2aWNlQ29uZmlndXJhdGlvbiAtc3ZjICRzdmMKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAjIFdlIHdpbGwgb25seSByZWFjaCBoZXJlIGlmIHRoZSBzZXJ2aWNlIGlzIGluc3RhbGxlZCBhbmQgdGhlIHN0YXRlIGlzIG5vdCBhYnNlbnQKICAgICAgICAgICAgIyBXaWxsIGNoZWNrIGlmIGFueSBvZiB0aGUgZGVmYXVsdCBhY3Rpb25zIGFyZSBzZXQgYW5kIGZhaWwgYXMgd2UgY2Fubm90IGFjdGlvbiBpdAogICAgICAgICAgICBpZiAoJHN0YXJ0X21vZGUgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJHN0YXRlIC1uZSAkbnVsbCAtb3IKICAgICAgICAgICAgICAgICR1c2VybmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkcGFzc3dvcmQgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRpc3BsYXlfbmFtZSAtbmUgJG51bGwgLW9yCiAgICAgICAgICAgICAgICAkZGVzY3JpcHRpb24gLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlc2t0b3BfaW50ZXJhY3QgLW5lICRmYWxzZSAtb3IKICAgICAgICAgICAgICAgICRkZXBlbmRlbmNpZXMgLW5lICRudWxsIC1vcgogICAgICAgICAgICAgICAgJGRlcGVuZGVuY3lfYWN0aW9uIC1uZSAnc2V0JykgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJTZXJ2aWNlICckbmFtZScgaXMgbm90IGluc3RhbGxlZCwgbmVlZCB0byBzZXQgJ3BhdGgnIHRvIGNyZWF0ZSBhIG5ldyBzZXJ2aWNlIgogICAgICAgICAgICB9CiAgICAgICAgfQogICAgfQp9CgojIEFmdGVyIG1ha2luZyBhIGNoYW5nZSwgbGV0J3MgZ2V0IHRoZSBzZXJ2aWNlIGluZm8gYWdhaW4gdW5sZXNzIHdlIGRlbGV0ZWQgaXQKaWYgKCRzdGF0ZSAtZXEgJ2Fic2VudCcpIHsKICAgICMgUmVjcmVhdGUgcmVzdWx0IHNvIGl0IGRvZXNuJ3QgaGF2ZSB0aGUgZXh0cmEgbWV0YSBkYXRhIG5vdyB0aGF0IGlzIGhhcyBiZWVuIGRlbGV0ZWQKICAgICRjaGFuZ2VkID0gJHJlc3VsdC5jaGFuZ2VkCiAgICAkcmVzdWx0ID0gQHsKICAgICAgICBjaGFuZ2VkID0gJGNoYW5nZWQKICAgICAgICBleGlzdHMgPSAkZmFsc2UKICAgIH0KfSBlbHNlaWYgKCRzdmMgLW5lICRudWxsKSB7CiAgICBHZXQtU2VydmljZUluZm8gLW5hbWUgJG5hbWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "name": "msiscsi", "start_mode": "auto", "_ansible_module_name": "win_service", "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "state": "started", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null, "_ansible_no_log": false}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 8d5c8d95-1d32-461d-9d74-fb5fa63bec5d Path:	4104	1		3	2	15	0	1455	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3832	1892	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:55 PM	1909dffc-a75a-0005-c309-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): LiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTQsIENocmlzIEhvZmZtYW4gPGNob2ZmbWFuQGNoYXRoYW1maW5hbmNpYWwuY29tPgojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5TSUQKCiRFcnJvckFjdGlvblByZWZlcmVuY2UgPSAiU3RvcCIKCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICR0cnVlCiRjaGVja19tb2RlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ19hbnNpYmxlX2NoZWNrX21vZGUnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKCiRkZXBlbmRlbmNpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVwZW5kZW5jaWVzJyAtdHlwZSAnbGlzdCcgLWRlZmF1bHQgJG51bGwKJGRlcGVuZGVuY3lfYWN0aW9uID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2RlcGVuZGVuY3lfYWN0aW9uJyAtdHlwZSAnc3RyJyAtZGVmYXVsdCAnc2V0JyAtdmFsaWRhdGVzZXQgJ2FkZCcsJ3JlbW92ZScsJ3NldCcgCiRkZXNjcmlwdGlvbiA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdkZXNjcmlwdGlvbicgLXR5cGUgJ3N0cicKJGRlc2t0b3BfaW50ZXJhY3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnZGVza3RvcF9pbnRlcmFjdCcgLXR5cGUgJ2Jvb2wnIC1kZWZhdWx0ICRmYWxzZQokZGlzcGxheV9uYW1lID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgJ2Rpc3BsYXlfbmFtZScgLXR5cGUgJ3N0cicKJGZvcmNlX2RlcGVuZGVudF9zZXJ2aWNlcyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdmb3JjZV9kZXBlbmRlbnRfc2VydmljZXMnIC10eXBlICdib29sJyAtZGVmYXVsdCAkZmFsc2UKJG5hbWUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnbmFtZScgLXR5cGUgJ3N0cicgLWZhaWxpZmVtcHR5ICR0cnVlCiRwYXNzd29yZCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICdwYXNzd29yZCcgLXR5cGUgJ3N0cicKJHBhdGggPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAncGF0aCcKJHN0YXJ0X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhcnRfbW9kZScgLXR5cGUgJ3N0cicgLXZhbGlkYXRlc2V0ICdhdXRvJywnbWFudWFsJywnZGlzYWJsZWQnLCdkZWxheWVkJwokc3RhdGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAnc3RhdGUnIC10eXBlICdzdHInIC12YWxpZGF0ZXNldCAnc3RhcnRlZCcsJ3N0b3BwZWQnLCdyZXN0YXJ0ZWQnLCdhYnNlbnQnLCdwYXVzZWQnCiR1c2VybmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICd1c2VybmFtZScgLXR5cGUgJ3N0cicKCiRyZXN1bHQgPSBAewogICAgY2hhbmdlZCA9ICRmYWxzZQp9CgojIHBhcnNlIHRoZSB1c2VybmFtZSB0byBTSUQgYW5kIGJhY2sgc28gd2UgZ2V0IHRoZSBmdWxsIHVzZXJuYW1lIHdpdGggZG9tYWluIGluIGEgd2F5IFdNSSB1bmRlcnN0YW5kcwppZiAoJHVzZXJuYW1lIC1uZSAkbnVsbCkgewogICAgaWYgKCR1c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICR1c2VybmFtZV9zaWQgPSAiUy0xLTUtMTgiCiAgICB9IGVsc2UgewogICAgICAgICR1c2VybmFtZV9zaWQgPSBDb252ZXJ0LVRvU0lEIC1hY2NvdW50X25hbWUgJHVzZXJuYW1lCiAgICB9CgogICAgIyB0aGUgU1lTVEVNIGFjY291bnQgaXMgYSBzcGVjaWFsIGJlYXN0LCBXaW4zMl9TZXJ2aWNlIENoYW5nZSByZXF1aXJlcyBTdGFydE5hbWUgdG8gYmUgTG9jYWxTeXN0ZW0KICAgICMgdG8gc3BlY2lmeSBMb2NhbFN5c3RlbS9OVCBBVVRIT1JJVFlcU1lTVEVNCiAgICBpZiAoJHVzZXJuYW1lX3NpZCAtZXEgIlMtMS01LTE4IikgewogICAgICAgICR1c2VybmFtZSA9ICJMb2NhbFN5c3RlbSIKICAgICAgICAkcGFzc3dvcmQgPSAkbnVsbAogICAgfSBlbHNlIHsKICAgICAgICAjIFdpbjMyX1NlcnZpY2UsIHBhc3N3b3JkIG11c3QgYmUgIiIgYW5kIG5vdCAkbnVsbCB3aGVuIHNldHRpbmcgdG8gTG9jYWxTZXJ2aWNlIG9yIE5ldHdvcmtTZXJ2aWNlCiAgICAgICAgaWYgKCR1c2VybmFtZV9zaWQgLWluIEAoIlMtMS01LTE5IiwgIlMtMS01LTIwIikpIHsKICAgICAgICAgICAgJHBhc3N3b3JkID0gIiIKICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gQ29udmVydC1Gcm9tU0lEIC1zaWQgJHVzZXJuYW1lX3NpZAogICAgfQp9CmlmICgkcGFzc3dvcmQgLW5lICRudWxsIC1hbmQgJHVzZXJuYW1lIC1lcSAkbnVsbCkgewogICAgRmFpbC1Kc29uICRyZXN1bHQgIlRoZSBhcmd1bWVudCAndXNlcm5hbWUnIG11c3QgYmUgc3VwcGxpZWQgd2l0aCAncGFzc3dvcmQnIgp9CmlmICgkZGVza3RvcF9pbnRlcmFjdCAtZXEgJHRydWUgLWFuZCAoLW5vdCAoJHVzZXJuYW1lIC1lcSAiTG9jYWxTeXN0ZW0iIC1vciAkdXNlcm5hbWUgLWVxICRudWxsKSkpIHsKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJDYW4gb25seSBzZXQgJ2Rlc2t0b3BfaW50ZXJhY3QnIHRvIHRydWUgd2hlbiAndXNlcm5hbWUnIGVxdWFscyAnTG9jYWxTeXN0ZW0nIgp9CmlmICgkcGF0aCAtbmUgJG51bGwpIHsKICAgICRwYXRoID0gW1N5c3RlbS5FbnZpcm9ubWVudF06OkV4cGFuZEVudmlyb25tZW50VmFyaWFibGVzKCRwYXRoKQp9CgpGdW5jdGlvbiBHZXQtU2VydmljZUluZm8oJG5hbWUpIHsKICAgICMgTmVlZCB0byBnZXQgbmV3IG9iamVjdHMgc28gd2UgaGF2ZSB0aGUgbGF0ZXN0IGluZm8KICAgICRzdmMgPSBHZXQtU2VydmljZSB8IFdoZXJlLU9iamVjdCB7ICRfLk5hbWUgLWVxICRuYW1lIC1vciAkXy5EaXNwbGF5TmFtZSAtZXEgJG5hbWUgfQogICAgJHdtaV9zdmMgPSBHZXQtQ2ltSW5zdGFuY2UgLUNsYXNzTmFtZSBXaW4zMl9TZXJ2aWNlIC1GaWx0ZXIgIm5hbWU9JyQoJHN2Yy5OYW1lKSciCgogICAgIyBEZWxheWVkIHN0YXJ0X21vZGUgaXMgaW4gcmVhbGl0eSBBdXRvbWF0aWMgKERlbGF5ZWQpLCBuZWVkIHRvIGNoZWNrIHJlZyBrZXkgZm9yIHR5cGUKICAgICRkZWxheWVkID0gR2V0LURlbGF5ZWRTdGF0dXMgLW5hbWUgJHN2Yy5OYW1lCiAgICAkYWN0dWFsX3N0YXJ0X21vZGUgPSAkd21pX3N2Yy5TdGFydE1vZGUuVG9TdHJpbmcoKS5Ub0xvd2VyKCkgCiAgICBpZiAoJGRlbGF5ZWQgLWFuZCAkYWN0dWFsX3N0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICRhY3R1YWxfc3RhcnRfbW9kZSA9ICdkZWxheWVkJwogICAgfQoKICAgICRleGlzdGluZ19kZXBlbmRlbmNpZXMgPSBAKCkKICAgICRleGlzdGluZ19kZXBlbmRlZF9ieSA9IEAoKQogICAgaWYgKCRzdmMuU2VydmljZXNEZXBlbmRlZE9uLkNvdW50IC1ndCAwKSB7CiAgICAgICAgZm9yZWFjaCAoJGRlcGVuZGVuY3kgaW4gJHN2Yy5TZXJ2aWNlc0RlcGVuZGVkT24uTmFtZSkgewogICAgICAgICAgICAkZXhpc3RpbmdfZGVwZW5kZW5jaWVzICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgaWYgKCRzdmMuRGVwZW5kZW50U2VydmljZXMuQ291bnQgLWd0IDApIHsKICAgICAgICBmb3JlYWNoICgkZGVwZW5kZW5jeSBpbiAkc3ZjLkRlcGVuZGVudFNlcnZpY2VzLk5hbWUpIHsKICAgICAgICAgICAgJGV4aXN0aW5nX2RlcGVuZGVkX2J5ICs9ICRkZXBlbmRlbmN5CiAgICAgICAgfQogICAgfQogICAgJGRlc2NyaXB0aW9uID0gJHdtaV9zdmMuRGVzY3JpcHRpb24KICAgIGlmICgkZGVzY3JpcHRpb24gLWVxICRudWxsKSB7CiAgICAgICAgJGRlc2NyaXB0aW9uID0gIiIKICAgIH0KCiAgICAkcmVzdWx0LmV4aXN0cyA9ICR0cnVlCiAgICAkcmVzdWx0Lm5hbWUgPSAkc3ZjLk5hbWUKICAgICRyZXN1bHQuZGlzcGxheV9uYW1lID0gJHN2Yy5EaXNwbGF5TmFtZQogICAgJHJlc3VsdC5zdGF0ZSA9ICRzdmMuU3RhdHVzLlRvU3RyaW5nKCkuVG9Mb3dlcigpCiAgICAkcmVzdWx0LnN0YXJ0X21vZGUgPSAkYWN0dWFsX3N0YXJ0X21vZGUKICAgICRyZXN1bHQucGF0aCA9ICR3bWlfc3ZjLlBhdGhOYW1lCiAgICAkcmVzdWx0LmRlc2NyaXB0aW9uID0gJGRlc2NyaXB0aW9uCiAgICAkcmVzdWx0LnVzZXJuYW1lID0gJHdtaV9zdmMuU3RhcnROYW1lCiAgICAkcmVzdWx0LmRlc2t0b3BfaW50ZXJhY3QgPSAkd21pX3N2Yy5EZXNrdG9wSW50ZXJhY3QKICAgICRyZXN1bHQuZGVwZW5kZW5jaWVzID0gJGV4aXN0aW5nX2RlcGVuZGVuY2llcwogICAgJHJlc3VsdC5kZXBlbmRlZF9ieSA9ICRleGlzdGluZ19kZXBlbmRlZF9ieQogICAgJHJlc3VsdC5jYW5fcGF1c2VfYW5kX2NvbnRpbnVlID0gJHN2Yy5DYW5QYXVzZUFuZENvbnRpbnVlCn0KCkZ1bmN0aW9uIEdldC1XbWlFcnJvck1lc3NhZ2UoJHJldHVybl92YWx1ZSkgewogICAgIyBUaGVzZSB2YWx1ZXMgYXJlIGRlcml2ZWQgZnJvbSBodHRwczovL21zZG4ubWljcm9zb2Z0LmNvbS9lbi11cy9saWJyYXJ5L2FhMzg0OTAxKHY9dnMuODUpLmFzcHgKICAgIHN3aXRjaCAoJHJldHVybl92YWx1ZSkgewogICAgICAgIDEgeyAiTm90IFN1cHBvcnRlZDogVGhlIHJlcXVlc3QgaXMgbm90IHN1cHBvcnRlZCIgfQogICAgICAgIDIgeyAiQWNjZXNzIERlbmllZDogVGhlIHVzZXIgZGlkIG5vdCBoYXZlIHRoZSBuZWNlc3NhcnkgYWNjZXNzIiB9CiAgICAgICAgMyB7ICJEZXBlbmRlbnQgU2VydmljZXMgUnVubmluZzogVGhlIHNlcnZpY2UgY2Fubm90IGJlIHN0b3BwZWQgYmVjYXVzZSBvdGhlciBzZXJ2aWNlcyB0aGF0IGFyZSBydW5uaW5nIGFyZSBkZXBlbmRlbnQgb24gaXQiIH0KICAgICAgICA0IHsgIkludmFsaWQgU2VydmljZSBDb250cm9sOiBUaGUgcmVxdWVzdGVkIGNvbnRyb2wgY29kZSBpcyBub3QgdmFsaWQsIG9yIGl0IGlzIHVuYWNjZXB0YWJsZSB0byB0aGUgc2VydmljZSIgfQogICAgICAgIDUgeyAiU2VydmljZSBDYW5ub3QgQWNjZXB0IENvbnRyb2w6IFRoZSByZXF1ZXN0ZWQgY29udHJvbCBjb2RlIGNhbm5vdCBiZSBzZW50IHRvIHRoZSBzZXJ2aWNlIGJlY2F1c2UgdGhlIHN0YXRlIG9mIHRoZSBzZXJ2aWNlIChXaW4zMl9CYXNlU2VydmljZS5TdGF0ZSBwcm9wZXJ0eSkgaXMgZXF1YWwgdG8gMCwgMSwgb3IgMiIgfQogICAgICAgIDYgeyAiU2VydmljZSBOb3QgQWN0aXZlOiBUaGUgc2VydmljZSBoYXMgbm90IGJlZW4gc3RhcnRlZCIgfQogICAgICAgIDcgeyAiU2VydmljZSBSZXF1ZXN0IFRpbWVvdXQ6IFRoZSBzZXJ2aWNlIGRpZCBub3QgcmVzcG9uZCB0byB0aGUgc3RhcnQgcmVxdWVzdCBpbiBhIHRpbWVseSBmYXNoaW9uIiB9CiAgICAgICAgOCB7ICJVbmtub3duIEZhaWx1cmU6IFVua25vd24gZmFpbHVyZSB3aGVuIHN0YXJ0aW5nIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgOSB7ICJQYXRoIE5vdCBGb3VuZDogVGhlIGRpcmVjdG9yeSBwYXRoIHRvIHRoZSBzZXJ2aWNlIGV4ZWN1dGFibGUgZmlsZSB3YXMgbm90IGZvdW5kIiB9CiAgICAgICAgMTAgeyAiU2VydmljZSBBbHJlYWR5IFJ1bm5pbmc6IFRoZSBzZXJ2aWNlIGlzIGFscmVhZHkgcnVubmluZyIgfQogICAgICAgIDExIHsgIlNlcnZpY2UgRGF0YWJhc2UgTG9ja2VkOiBUaGUgZGF0YWJhc2UgdG8gYWRkIGEgbmV3IHNlcnZpY2UgaXMgbG9ja2VkIiB9CiAgICAgICAgMTIgeyAiU2VydmljZSBEZXBlbmRlbmN5IERlbGV0ZWQ6IEEgZGVwZW5kZW5jeSB0aGlzIHNlcnZpY2UgcmVsaWVzIG9uIGhhcyBiZWVuIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTMgeyAiU2VydmljZSBEZXBlbmRlbmN5IEZhaWx1cmU6IFRoZSBzZXJ2aWNlIGZhaWxlZCB0byBmaW5kIHRoZSBzZXJ2aWNlIG5lZWRlZCBmcm9tIGEgZGVwZW5kZW50IHNlcnZpY2UiIH0KICAgICAgICAxNCB7ICJTZXJ2aWNlIERpc2FibGVkOiBUaGUgc2VydmljZSBoYXMgYmVlbiBkaXNhYmxlZCBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAxNSB7ICJTZXJ2aWNlIExvZ29uIEZhaWxlZDogVGhlIHNlcnZpY2UgZG9lcyBub3QgaGF2ZSB0aGUgY29ycmVjdCBhdXRoZW50aWNhdGlvbiB0byBydW4gb24gdGhlIHN5c3RlbSIgfQogICAgICAgIDE2IHsgIlNlcnZpY2UgTWFya2VkIEZvciBEZWxldGlvbjogVGhpcyBzZXJ2aWNlIGlzIGJlaW5nIHJlbW92ZWQgZnJvbSB0aGUgc3lzdGVtIiB9CiAgICAgICAgMTcgeyAiU2VydmljZSBObyBUaHJlYWQ6IFRoZSBzZXJ2aWNlIGhhcyBubyBleGVjdXRpb24gdGhyZWFkIiB9CiAgICAgICAgMTggeyAiU3RhdHVzIENpcmN1bGFyIERlcGVuZGVuY3k6IFRoZSBzZXJ2aWNlIGhhcyBjaXJjdWxhciBkZXBlbmRlbmNpZXMgd2hlbiBpdCBzdGFydHMiIH0KICAgICAgICAxOSB7ICJTdGF0dXMgRHVwbGljYXRlIE5hbWU6IEEgc2VydmljZSBpcyBydW5uaW5nIHVuZGVyIHRoZSBzYW1lIG5hbWUiIH0KICAgICAgICAyMCB7ICJTdGF0dXMgSW52YWxpZCBOYW1lOiBUaGUgc2VydmljZSBuYW1lIGhhcyBpbnZhbGlkIGNoYXJhY3RlcnMiIH0KICAgICAgICAyMSB7ICJTdGF0dXMgSW52YWxpZCBQYXJhbWV0ZXI6IEludmFsaWQgcGFyYW1ldGVycyBoYXZlIGJlZW4gcGFzc2VkIHRvIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjIgeyAiU3RhdHVzIEludmFsaWQgU2VydmljZSBBY2NvdW50OiBUaGUgYWNjb3VudCB1bmRlciB3aGljaCB0aGlzIHNlcnZpY2UgcnVucyBpcyBlaXRoZXIgaW52YWxpZCBvciBsYWNrcyB0aGUgcGVybWlzc2lvbnMgdG8gcnVuIHRoZSBzZXJ2aWNlIiB9CiAgICAgICAgMjMgeyAiU3RhdHVzIFNlcnZpY2UgRXhpc3RzOiBUaGUgc2VydmljZSBleGlzdHMgaW4gdGhlIGRhdGFiYXNlIG9mIHNlcnZpY2VzIGF2YWlsYWJsZSBmcm9tIHRoZSBzeXN0ZW0iIH0KICAgICAgICAyNCB7ICJTZXJ2aWNlIEFscmVhZHkgUGF1c2VkOiBUaGUgc2VydmljZSBpcyBjdXJyZW50bHkgcGF1c2VkIGluIHRoZSBzeXN0ZW0iIH0KICAgICAgICBkZWZhdWx0IHsgIk90aGVyIEVycm9yIiB9CiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1EZWxheWVkU3RhdHVzKCRuYW1lKSB7CiAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCRuYW1lIgogICAgdHJ5IHsKICAgICAgICAkZGVsYXllZCA9IENvbnZlcnRUby1Cb29sICgoR2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5KS5EZWxheWVkQXV0b3N0YXJ0KQogICAgfSBjYXRjaCB7CiAgICAgICAgJGRlbGF5ZWQgPSAkZmFsc2UKICAgIH0KCiAgICAkZGVsYXllZAp9CgpGdW5jdGlvbiBTZXQtU2VydmljZVN0YXJ0TW9kZSgkc3ZjLCAkc3RhcnRfbW9kZSkgewogICAgaWYgKCRyZXN1bHQuc3RhcnRfbW9kZSAtbmUgJHN0YXJ0X21vZGUpIHsKICAgICAgICB0cnkgewogICAgICAgICAgICAkZGVsYXllZF9rZXkgPSAiSEtMTTpcU3lzdGVtXEN1cnJlbnRDb250cm9sU2V0XFNlcnZpY2VzXCQoJHN2Yy5OYW1lKSIKICAgICAgICAgICAgIyBPcmlnaW5hbCBzdGFydCB1cCB0eXBlIHdhcyBhdXRvIChkZWxheWVkKSBhbmQgd2Ugd2FudCBhdXRvLCBuZWVkIHRvIHJlbW92ZWQgZGVsYXllZCBrZXkKICAgICAgICAgICAgaWYgKCRzdGFydF9tb2RlIC1lcSAnYXV0bycgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMCAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgYXV0byBhbmQgd2Ugd2FudCBhdXRvIChkZWxheWVkKSwgbmVlZCB0byBhZGQgZGVsYXllZCBrZXkKICAgICAgICAgICAgfSBlbHNlaWYgKCRzdGFydF9tb2RlIC1lcSAnZGVsYXllZCcgLWFuZCAkcmVzdWx0LnN0YXJ0X21vZGUgLWVxICdhdXRvJykgewogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IGF1dG8gb3IgYXV0byAoZGVsYXllZCksIG5lZWQgdG8gY2hhbmdlIHRvIGF1dG8gYW5kIGFkZCBkZWxheWVkIGtleQogICAgICAgICAgICB9IGVsc2VpZiAoJHN0YXJ0X21vZGUgLWVxICdkZWxheWVkJykgewogICAgICAgICAgICAgICAgJHN2YyB8IFNldC1TZXJ2aWNlIC1TdGFydHVwVHlwZSAiYXV0byIgLVdoYXRJZjokY2hlY2tfbW9kZQogICAgICAgICAgICAgICAgU2V0LUl0ZW1Qcm9wZXJ0eSAtTGl0ZXJhbFBhdGggJGRlbGF5ZWRfa2V5IC1OYW1lICJEZWxheWVkQXV0b3N0YXJ0IiAtVmFsdWUgMSAtV2hhdElmOiRjaGVja19tb2RlCiAgICAgICAgICAgICMgT3JpZ2luYWwgc3RhcnQgdXAgdHlwZSB3YXMgbm90IHdoYXQgd2Ugd2VyZSBsb29raW5nIGZvciwganVzdCBjaGFuZ2UgdG8gdGhhdCB0eXBlCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICAkc3ZjIHwgU2V0LVNlcnZpY2UgLVN0YXJ0dXBUeXBlICRzdGFydF9tb2RlIC1XaGF0SWY6JGNoZWNrX21vZGUKICAgICAgICAgICAgfQogICAgICAgIH0gY2F0Y2ggewogICAgICAgICAgICBGYWlsLUpzb24gJHJlc3VsdCAkXy5FeGNlcHRpb24uTWVzc2FnZQogICAgICAgIH0KICAgICAgICAKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQp9CgpGdW5jdGlvbiBTZXQtU2VydmljZUFjY291bnQoJHdtaV9zdmMsICR1c2VybmFtZV9zaWQsICR1c2VybmFtZSwgJHBhc3N3b3JkKSB7CiAgICBpZiAoJHJlc3VsdC51c2VybmFtZSAtZXEgIkxvY2FsU3lzdGVtIikgewogICAgICAgICRhY3R1YWxfc2lkID0gIlMtMS01LTE4IgogICAgfSBlbHNlIHsKICAgICAgICAkYWN0dWFsX3NpZCA9IENvbnZlcnQtVG9TSUQgLWFjY291bnRfbmFtZSAkcmVzdWx0LnVzZXJuYW1lCiAgICB9CgogICAgaWYgKCRhY3R1YWxfc2lkIC1uZSAkdXNlcm5hbWVfc2lkKSB7CiAgICAgICAgJG ScriptBlock ID: 8d5c8d95-1d32-461d-9d74-fb5fa63bec5d Path:	4104	1		3	2	15	0	1454	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3832	1892	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:55 PM	1909dffc-a75a-0005-c309-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.SID": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCkZ1bmN0aW9uIENvbnZlcnQtRnJvbVNJRCgkc2lkKSB7CiAgICAjIENvbnZlcnRzIGEgU0lEIHRvIGEgRG93bi1MZXZlbCBMb2dvbiBuYW1lIGluIHRoZSBmb3JtIG9mIERPTUFJTlxVc2VyTmFtZQogICAgIyBJZiB0aGUgU0lEIGlzIGZvciBhIGxvY2FsIHVzZXIgb3IgZ3JvdXAgdGhlbiBET01BSU4gd291bGQgYmUgdGhlIHNlcnZlcgogICAgIyBuYW1lLgoKICAgICRhY2NvdW50X29iamVjdCA9IE5ldy1PYmplY3QgU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXIoJHNpZCkKICAgIHRyeSB7CiAgICAgICAgJG50X2FjY291bnQgPSAkYWNjb3VudF9vYmplY3QuVHJhbnNsYXRlKFtTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudF0pCiAgICB9IGNhdGNoIHsKICAgICAgICBGYWlsLUpzb24gLW9iaiBAe30gLW1lc3NhZ2UgImZhaWxlZCB0byBjb252ZXJ0IHNpZCAnJHNpZCcgdG8gYSBsb2dvbiBuYW1lOiAkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSIKICAgIH0KCiAgICByZXR1cm4gJG50X2FjY291bnQuVmFsdWUKfQoKRnVuY3Rpb24gQ29udmVydC1Ub1NJRCB7CiAgICBbRGlhZ25vc3RpY3MuQ29kZUFuYWx5c2lzLlN1cHByZXNzTWVzc2FnZUF0dHJpYnV0ZSgiUFNBdm9pZFVzaW5nRW1wdHlDYXRjaEJsb2NrIiwgIiIsIEp1c3RpZmljYXRpb249IldlIGRvbid0IGNhcmUgaWYgY29udmVydGluZyB0byBhIFNJRCBmYWlscywganVzdCB0aGF0IGl0IGZhaWxlZCBvciBub3QiKV0KICAgIHBhcmFtKCRhY2NvdW50X25hbWUpCiAgICAjIENvbnZlcnRzIGFuIGFjY291bnQgbmFtZSB0byBhIFNJRCwgaXQgY2FuIHRha2UgaW4gdGhlIGZvbGxvd2luZyBmb3JtcwogICAgIyBTSUQ6IFdpbGwganVzdCByZXR1cm4gdGhlIFNJRCB2YWx1ZSB0aGF0IHdhcyBwYXNzZWQgaW4KICAgICMgVVBOOgogICAgIyAgIHByaW5jaXBhbEBkb21haW4gKERvbWFpbiB1c2VycyBvbmx5KQogICAgIyBEb3duLUxldmVsIExvZ2luIE5hbWUKICAgICMgICBET01BSU5ccHJpbmNpcGFsIChEb21haW4pCiAgICAjICAgU0VSVkVSTkFNRVxwcmluY2lwYWwgKExvY2FsKQogICAgIyAgIC5ccHJpbmNpcGFsIChMb2NhbCkKICAgICMgICBOVCBBVVRIT1JJVFlcU1lTVEVNIChMb2NhbCBTZXJ2aWNlIEFjY291bnRzKQogICAgIyBMb2dpbiBOYW1lCiAgICAjICAgcHJpbmNpcGFsIChMb2NhbC9Mb2NhbCBTZXJ2aWNlIEFjY291bnRzKQoKICAgIHRyeSB7CiAgICAgICAgJHNpZCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuU2VjdXJpdHlJZGVudGlmaWVyIC1Bcmd1bWVudExpc3QgJGFjY291bnRfbmFtZQogICAgICAgIHJldHVybiAkc2lkLlZhbHVlCiAgICB9IGNhdGNoIHt9CgogICAgaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipcKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIlxcIgogICAgICAgIGlmICgkYWNjb3VudF9uYW1lX3NwbGl0WzBdIC1lcSAiLiIpIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRlbnY6Q09NUFVURVJOQU1FCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMF0KICAgICAgICB9CiAgICAgICAgJHVzZXJuYW1lID0gJGFjY291bnRfbmFtZV9zcGxpdFsxXQogICAgfSBlbHNlaWYgKCRhY2NvdW50X25hbWUgLWxpa2UgIipAKiIpIHsKICAgICAgICAkYWNjb3VudF9uYW1lX3NwbGl0ID0gJGFjY291bnRfbmFtZSAtc3BsaXQgIkAiCiAgICAgICAgJGRvbWFpbiA9ICRhY2NvdW50X25hbWVfc3BsaXRbMV0KICAgICAgICAkdXNlcm5hbWUgPSAkYWNjb3VudF9uYW1lX3NwbGl0WzBdCiAgICB9IGVsc2UgewogICAgICAgICRkb21haW4gPSAkbnVsbAogICAgICAgICR1c2VybmFtZSA9ICRhY2NvdW50X25hbWUKICAgIH0KCiAgICBpZiAoJGRvbWFpbikgewogICAgICAgICMgc2VhcmNoaW5nIGZvciBhIGxvY2FsIGdyb3VwIHdpdGggdGhlIHNlcnZlcm5hbWUgcHJlZml4ZWQgd2lsbCBmYWlsLAogICAgICAgICMgbmVlZCB0byBjaGVjayBmb3IgdGhpcyBzaXR1YXRpb24gYW5kIG9ubHkgdXNlIE5UQWNjb3VudChTdHJpbmcpCiAgICAgICAgaWYgKCRkb21haW4gLWVxICRlbnY6Q09NUFVURVJOQU1FKSB7CiAgICAgICAgICAgICRhZHNpID0gW0FEU0ldKCJXaW5OVDovLyRlbnY6Q09NUFVURVJOQU1FLGNvbXB1dGVyIikKICAgICAgICAgICAgJGdyb3VwID0gJGFkc2kucHNiYXNlLmNoaWxkcmVuIHwgV2hlcmUtT2JqZWN0IHsgJF8uc2NoZW1hQ2xhc3NOYW1lIC1lcSAiZ3JvdXAiIC1hbmQgJF8uTmFtZSAtZXEgJHVzZXJuYW1lIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZ3JvdXAgPSAkbnVsbAogICAgICAgIH0KICAgICAgICBpZiAoJGdyb3VwKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJGFjY291bnQgPSBOZXctT2JqZWN0IFN5c3RlbS5TZWN1cml0eS5QcmluY2lwYWwuTlRBY2NvdW50KCRkb21haW4sICR1c2VybmFtZSkKICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICMgd2hlbiBpbiBhIGRvbWFpbiBOVEFjY291bnQoU3RyaW5nKSB3aWxsIGZhdm91ciBkb21haW4gbG9va3VwcyBjaGVjawogICAgICAgICMgaWYgdXNlcm5hbWUgaXMgYSBsb2NhbCB1c2VyIGFuZCBleHBsaWN0bHkgc2VhcmNoIG9uIHRoZSBsb2NhbGhvc3QgZm9yCiAgICAgICAgIyB0aGF0IGFjY291bnQKICAgICAgICAkYWRzaSA9IFtBRFNJXSgiV2luTlQ6Ly8kZW52OkNPTVBVVEVSTkFNRSxjb21wdXRlciIpCiAgICAgICAgJHVzZXIgPSAkYWRzaS5wc2Jhc2UuY2hpbGRyZW4gfCBXaGVyZS1PYmplY3QgeyAkXy5zY2hlbWFDbGFzc05hbWUgLWVxICJ1c2VyIiAtYW5kICRfLk5hbWUgLWVxICR1c2VybmFtZSB9CiAgICAgICAgaWYgKCR1c2VyKSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkZW52OkNPTVBVVEVSTkFNRSwgJHVzZXJuYW1lKQogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICRhY2NvdW50ID0gTmV3LU9iamVjdCBTeXN0ZW0uU2VjdXJpdHkuUHJpbmNpcGFsLk5UQWNjb3VudCgkdXNlcm5hbWUpCiAgICAgICAgfQogICAgfQogICAgCiAgICB0cnkgewogICAgICAgICRhY2NvdW50X3NpZCA9ICRhY2NvdW50LlRyYW5zbGF0ZShbU3lzdGVtLlNlY3VyaXR5LlByaW5jaXBhbC5TZWN1cml0eUlkZW50aWZpZXJdKQogICAgfSBjYXRjaCB7CiAgICAgICAgRmFpbC1Kc29uIEB7fSAiYWNjb3VudF9uYW1lICRhY2NvdW50X25hbWUgaXMgbm90IGEgdmFsaWQgYWNjb3VudCwgY2Fubm90IGdldCBTSUQ6ICQoJF8uRXhjZXB0aW9uLk1lc3NhZ2UpIgogICAgfQogICAgCiAgICByZXR1cm4gJGFjY291bnRfc2lkLlZhbHVlCn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVk ScriptBlock ID: 8d5c8d95-1d32-461d-9d74-fb5fa63bec5d Path:	4104	1		3	2	15	0	1453	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3832	1892	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:55 PM	1909dffc-a75a-0005-c309-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1452	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3832	536	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:55 PM	1909dffc-a75a-0001-9eef-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3832 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1451	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3832	2092	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:55 PM	1909dffc-a75a-0001-9eef-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1450	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3832	536	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:55 PM	1909dffc-a75a-0001-9eef-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1449	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3504	4648	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:54 PM	1909dffc-a75a-0005-b409-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3504 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1448	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3504	2536	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:54 PM	1909dffc-a75a-0005-b409-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1447	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3504	4648	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:54 PM	1909dffc-a75a-0005-b409-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1446	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2080	1688	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:54 PM	1909dffc-a75a-0005-b309-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2080 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1445	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2080	4620	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:54 PM	1909dffc-a75a-0005-b309-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1444	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2080	1688	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:54 PM	1909dffc-a75a-0005-b309-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 60a7c96c-6d56-454a-a590-06a0622ba290 Path:	4104	1		3	2	15	0	1443	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3492	1976	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:54 PM	1909dffc-a75a-0002-faec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 76f3cbca-6e53-4640-a974-90b3add29620 Path:	4104	1		3	2	15	0	1442	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3492	1244	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:53 PM	1909dffc-a75a-0002-edec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 63b1df2e-63c2-4684-a6ce-c70dbfe282f5 Path:	4104	1		3	2	15	0	1441	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3492	1244	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:53 PM	1909dffc-a75a-0002-deec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): gICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_copy_mode": "single", "_ansible_remote_tmp": "%TEMP%", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "_original_basename": "pip-install-os-win.log", "_ansible_check_mode": false, "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1659547371.74-178702367030080\\source", "_ansible_no_log": false, "_ansible_module_name": "copy", "_ansible_verbosity": 4, "dest": "c:\\openstack\\log\\pip-install-os-win.log", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1659547371.74-178702367030080'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 86adfebb-157f-4476-8765-48a3e6e8ff41 Path:	4104	1		3	2	15	0	1440	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3492	1244	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:53 PM	1909dffc-a75a-0003-97ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): lzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICA ScriptBlock ID: 86adfebb-157f-4476-8765-48a3e6e8ff41 Path:	4104	1		3	2	15	0	1439	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3492	1244	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:53 PM	1909dffc-a75a-0003-97ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLW ScriptBlock ID: 86adfebb-157f-4476-8765-48a3e6e8ff41 Path:	4104	1		3	2	15	0	1438	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3492	1244	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:53 PM	1909dffc-a75a-0003-97ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1437	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3492	4340	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:53 PM	1909dffc-a75a-0005-b009-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3492 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1436	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3492	940	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:53 PM	1909dffc-a75a-0005-b009-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1435	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3492	4340	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:53 PM	1909dffc-a75a-0005-b009-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1659547371.74-178702367030080\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: 2d5e27e2-0ce6-42e9-9d02-496d110d2361 Path:	4104	1		3	2	15	0	1434	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4540	3920	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:52 PM	1909dffc-a75a-0000-44f0-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1433	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4540	1460	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:52 PM	1909dffc-a75a-0004-6a38-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4540 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1432	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4540	924	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:52 PM	1909dffc-a75a-0004-6a38-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1431	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4540	1460	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:52 PM	1909dffc-a75a-0004-6a38-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1430	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3216	5096	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:52 PM	1909dffc-a75a-0005-a509-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3216 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1429	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3216	4296	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:52 PM	1909dffc-a75a-0005-a509-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1428	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3216	5096	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:52 PM	1909dffc-a75a-0005-a509-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1427	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1064	1060	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:52 PM	1909dffc-a75a-0005-a109-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1064 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1426	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1064	3748	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:51 PM	1909dffc-a75a-0005-a109-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1425	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1064	1060	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:51 PM	1909dffc-a75a-0005-a109-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 076de302-2ecf-41bc-b249-2c4de1d7da61 Path:	4104	1		3	2	15	0	1424	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	4964	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:51 PM	1909dffc-a75a-0001-79ef-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 08f668ee-1a9c-4554-a793-eef5b1ab1ae8 Path:	4104	1		3	2	15	0	1423	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	4128	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:51 PM	1909dffc-a75a-0001-6cef-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 541f520e-48aa-4469-9563-22a8c0805e5e Path:	4104	1		3	2	15	0	1422	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	4128	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:51 PM	1909dffc-a75a-0001-5def-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): block]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: ed8583d3-d930-4932-86e9-476b7909d756 Path:	4104	1		3	2	15	0	1421	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	4128	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:50 PM	1909dffc-a75a-0001-57ef-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): ZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"symlinks": [], "files": [{"dest": "pip-install-os-win.log", "checksum": "42ed4d9dbd4b28bf862612a1e34026b1a85b9c8b", "src": "/home/jenkins-slave/.ansible/tmp/ansible-local-5686xtZq9a/tmpHZcFjc"}], "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "force": true, "_ansible_no_log": false, "dest": "c:/openstack/log", "directories": [], "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_copy_mode": "query", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null, "_ansible_version": "2.7.0", "_ansible_module_name": "win_copy"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([script ScriptBlock ID: ed8583d3-d930-4932-86e9-476b7909d756 Path:	4104	1		3	2	15	0	1420	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	4128	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:50 PM	1909dffc-a75a-0001-57ef-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): W0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIE ScriptBlock ID: ed8583d3-d930-4932-86e9-476b7909d756 Path:	4104	1		3	2	15	0	1419	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	4128	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:50 PM	1909dffc-a75a-0001-57ef-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): 3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyY ScriptBlock ID: ed8583d3-d930-4932-86e9-476b7909d756 Path:	4104	1		3	2	15	0	1418	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	4128	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:50 PM	1909dffc-a75a-0001-57ef-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc ScriptBlock ID: ed8583d3-d930-4932-86e9-476b7909d756 Path:	4104	1		3	2	15	0	1417	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	4128	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:50 PM	1909dffc-a75a-0001-57ef-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1416	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	3512	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:50 PM	1909dffc-a75a-0005-9509-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2556 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1415	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	5052	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:50 PM	1909dffc-a75a-0005-9509-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1414	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2556	3512	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:50 PM	1909dffc-a75a-0005-9509-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1413	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4764	92	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:36 PM	1909dffc-a75a-0004-3338-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4764 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1412	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4764	3536	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:36 PM	1909dffc-a75a-0004-3338-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1411	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4764	92	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:36 PM	1909dffc-a75a-0004-3338-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 5e202f53-27a6-4053-83ff-13e1ace7e5a0 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 59321a9d-614e-474a-932c-dd9f23e23447 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1410	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3352	2760	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:36 PM	1909dffc-a75a-0003-5bec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: f195239f-fc0e-48a7-a8b9-d2b6b1f4de34 Path:	4104	1		3	2	15	0	1409	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3352	3884	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:35 PM	1909dffc-a75a-0003-38ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 7a024368-7147-4204-a224-bcf78fe1e5eb Path:	4104	1		3	2	15	0	1408	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3352	3884	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:35 PM	1909dffc-a75a-0003-31ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 72a7c1c1-1f94-4036-b2e6-424a44ee0179 Path:	4104	1		3	2	15	0	1407	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3352	3884	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:35 PM	1909dffc-a75a-0003-22ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): R1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "pip install -c c:\\openstack\\build\\requirements\\upper-constraints.txt -U -e c:\\openstack\\build\\os-win", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: a76699c3-b951-4ebd-a56f-ea29b0e90358 Path:	4104	1		3	2	15	0	1406	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3352	3884	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:35 PM	1909dffc-a75a-0003-1cec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): zdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYX ScriptBlock ID: a76699c3-b951-4ebd-a56f-ea29b0e90358 Path:	4104	1		3	2	15	0	1405	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3352	3884	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:35 PM	1909dffc-a75a-0003-1cec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): AgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJ ScriptBlock ID: a76699c3-b951-4ebd-a56f-ea29b0e90358 Path:	4104	1		3	2	15	0	1404	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3352	3884	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:35 PM	1909dffc-a75a-0003-1cec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgIC ScriptBlock ID: a76699c3-b951-4ebd-a56f-ea29b0e90358 Path:	4104	1		3	2	15	0	1403	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3352	3884	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:35 PM	1909dffc-a75a-0003-1cec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1402	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3352	2396	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:34 PM	1909dffc-a75a-0005-7409-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3352 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1401	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3352	3472	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:34 PM	1909dffc-a75a-0005-7409-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1400	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3352	2396	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:34 PM	1909dffc-a75a-0005-7409-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 41dbf0e9-69c0-47e0-be49-562096178cc2 Path:	4104	1		3	2	15	0	1399	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1584	1960	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:33 PM	1909dffc-a75a-0000-09f0-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: b2da00f6-a975-4a98-bae0-2f2a4c23f29a Path:	4104	1		3	2	15	0	1398	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1584	1960	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:33 PM	1909dffc-a75a-0005-5809-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): HBvcnQpIHsKCQkkcmVzdWx0LmRpZmYgPSBAewoJCQliZWZvcmUgPSAkYmVmb3JlIC1qb2luICRsaW5lc2VwOwoJCX0KCX0KCgkjIENvbXBpbGUgdGhlIHJlZ2V4IHNwZWNpZmllZCwgaWYgcHJvdmlkZWQKCSRjcmUgPSAkbnVsbDsKCUlmICgkcmVnZXhwKSB7CgkJJGNyZSA9IE5ldy1PYmplY3QgUmVnZXggJHJlZ2V4cCwgJ0NvbXBpbGVkJzsKCX0KCgkkZm91bmQgPSBOZXctT2JqZWN0IFN5c3RlbS5Db2xsZWN0aW9ucy5BcnJheUxpc3Q7CgkkbGVmdCA9IE5ldy1PYmplY3QgU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdDsKCglGb3JlYWNoICgkY3VyX2xpbmUgaW4gJGxpbmVzKSB7CgkJSWYgKCRyZWdleHApIHsKCQkJJG0gPSAkY3JlLk1hdGNoKCRjdXJfbGluZSk7CgkJCSRtYXRjaF9mb3VuZCA9ICRtLlN1Y2Nlc3M7CgkJfQoJCUVsc2UgewoJCQkkbWF0Y2hfZm91bmQgPSAkbGluZSAtY2VxICRjdXJfbGluZTsKCQl9CgkJSWYgKCRtYXRjaF9mb3VuZCkgewoJCQkkZm91bmQuQWRkKCRjdXJfbGluZSk7CgkJCSRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlOwoJCX0KCQlFbHNlIHsKCQkJJGxlZnQuQWRkKCRjdXJfbGluZSk7CgkJfQoJfQoKCSMgV3JpdGUgY2hhbmdlcyB0byB0aGUgcGF0aCBpZiBjaGFuZ2VzIHdlcmUgbWFkZQoJSWYgKCRyZXN1bHQuY2hhbmdlZCkgewoKCQkjIFdyaXRlIGJhY2t1cCBmaWxlIGlmIGJhY2t1cCA9PSAieWVzIgoJCUlmICgkYmFja3VwKSB7CgkJCSRyZXN1bHQuYmFja3VwID0gQmFja3VwRmlsZSAkcGF0aCAkY2hlY2tfbW9kZTsKCQl9CgoJCSRhZnRlciA9IFdyaXRlTGluZXMgJGxlZnQgJHBhdGggJGxpbmVzZXAgJGVuY29kaW5nb2JqICR2YWxpZGF0ZSAkY2hlY2tfbW9kZTsKCgkJaWYgKCRkaWZmX3N1cHBvcnQpIHsKCQkJJHJlc3VsdC5kaWZmLmFmdGVyID0gJGFmdGVyOwoJCX0KCX0KCgkkcmVzdWx0LmVuY29kaW5nID0gJGVuY29kaW5nb2JqLldlYk5hbWU7CgkkcmVzdWx0LmZvdW5kID0gJGZvdW5kLkNvdW50OwoJJHJlc3VsdC5tc2cgPSAiJCgkZm91bmQuQ291bnQpIGxpbmUocykgcmVtb3ZlZCI7CgoJRXhpdC1Kc29uICRyZXN1bHQ7Cn0KCgojIFBhcnNlIHRoZSBwYXJhbWV0ZXJzIGZpbGUgZHJvcHBlZCBieSB0aGUgQW5zaWJsZSBtYWNoaW5lcnkKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MgLXN1cHBvcnRzX2NoZWNrX21vZGUgJHRydWU7CiRjaGVja19tb2RlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgIl9hbnNpYmxlX2NoZWNrX21vZGUiIC10eXBlICJib29sIiAtZGVmYXVsdCAkZmFsc2U7CiRkaWZmX3N1cHBvcnQgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZTsKCiMgSW5pdGlhbGl6ZSBkZWZhdWx0cyBmb3IgaW5wdXQgcGFyYW1ldGVycy4KJHBhdGggPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAicGF0aCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZSAtYWxpYXNlcyAiZGVzdCIsImRlc3RmaWxlIiwibmFtZSI7CiRyZWdleHAgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAicmVnZXhwIiAtdHlwZSAic3RyIjsKJHN0YXRlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInN0YXRlIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAicHJlc2VudCIgLXZhbGlkYXRlc2V0ICJwcmVzZW50IiwiYWJzZW50IjsKJGxpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAibGluZSIgLXR5cGUgInN0ciI7CiRiYWNrcmVmcyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJiYWNrcmVmcyIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZTsKJGluc2VydGFmdGVyID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImluc2VydGFmdGVyIiAtdHlwZSAic3RyIjsKJGluc2VydGJlZm9yZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJpbnNlcnRiZWZvcmUiIC10eXBlICJzdHIiOwokY3JlYXRlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImNyZWF0ZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZTsKJGJhY2t1cCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJiYWNrdXAiIC10eXBlICJib29sIiAtZGVmYXVsdCAkZmFsc2U7CiR2YWxpZGF0ZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJ2YWxpZGF0ZSIgLXR5cGUgInN0ciI7CiRlbmNvZGluZyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJlbmNvZGluZyIgLXR5cGUgInN0ciIgLWRlZmF1bHQgImF1dG8iOwokbmV3bGluZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJuZXdsaW5lIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAid2luZG93cyIgLXZhbGlkYXRlc2V0ICJ1bml4Iiwid2luZG93cyI7CgojIEZhaWwgaWYgdGhlIHBhdGggaXMgbm90IGEgZmlsZQpJZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCAtUGF0aFR5cGUgImNvbnRhaW5lciIpIHsKCUZhaWwtSnNvbiBAe30gIlBhdGggJHBhdGggaXMgYSBkaXJlY3RvcnkiOwp9CgojIERlZmF1bHQgdG8gd2luZG93cyBsaW5lIHNlcGFyYXRvciAtIHByb2JhYmx5IG1vc3QgY29tbW9uCiRsaW5lc2VwID0gImByYG4iCklmICgkbmV3bGluZSAtZXEgInVuaXgiKSB7CgkkbGluZXNlcCA9ICJgbiI7Cn0KCiMgRmlndXJlIG91dCB0aGUgcHJvcGVyIGVuY29kaW5nIHRvIHVzZSBmb3IgcmVhZGluZyAvIHdyaXRpbmcgdGhlIHRhcmdldCBmaWxlLgoKIyBUaGUgZGVmYXVsdCBlbmNvZGluZyBpcyBVVEYtOCB3aXRob3V0IEJPTQokZW5jb2RpbmdvYmogPSBbU3lzdGVtLlRleHQuVVRGOEVuY29kaW5nXSAkZmFsc2U7CgojIElmIGFuIGV4cGxpY2l0IGVuY29kaW5nIGlzIHNwZWNpZmllZCwgdXNlIHRoYXQgaW5zdGVhZApJZiAoJGVuY29kaW5nIC1uZSAiYXV0byIpIHsKCSRlbmNvZGluZ29iaiA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OkdldEVuY29kaW5nKCRlbmNvZGluZyk7Cn0KCiMgT3RoZXJ3aXNlIHNlZSBpZiB3ZSBjYW4gZGV0ZXJtaW5lIHRoZSBjdXJyZW50IGVuY29kaW5nIG9mIHRoZSB0YXJnZXQgZmlsZS4KIyBJZiB0aGUgZmlsZSBkb2Vzbid0IGV4aXN0IHlldCAoY3JlYXRlID09ICd5ZXMnKSB3ZSB1c2UgdGhlIGRlZmF1bHQgb3IKIyBleHBsaWNpdGx5IHNwZWNpZmllZCBlbmNvZGluZyBzZXQgYWJvdmUuCkVsc2VJZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewoKCSMgR2V0IGEgc29ydGVkIGxpc3Qgb2YgZW5jb2RpbmdzIHdpdGggcHJlYW1ibGVzLCBsb25nZXN0IGZpcnN0CgkkbWF4X3ByZWFtYmxlX2xlbiA9IDA7Cgkkc29ydGVkbGlzdCA9IE5ldy1PYmplY3QgU3lzdGVtLkNvbGxlY3Rpb25zLlNvcnRlZExpc3Q7CglGb3JlYWNoICgkZW5jb2RpbmdpbmZvIGluIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OkdldEVuY29kaW5ncygpKSB7CgkJJGVuY29kaW5nID0gJGVuY29kaW5naW5mby5HZXRFbmNvZGluZygpOwoJCSRwbGVuID0gJGVuY29kaW5nLkdldFByZWFtYmxlKCkuTGVuZ3RoOwoJCUlmICgkcGxlbiAtZ3QgJG1heF9wcmVhbWJsZV9sZW4pIHsKCQkJJG1heF9wcmVhbWJsZV9sZW4gPSAkcGxlbjsKCQl9CgkJSWYgKCRwbGVuIC1ndCAwKSB7CgkJCSRzb3J0ZWRsaXN0LkFkZCgtKCRwbGVuICogMTAwMDAwMCArICRlbmNvZGluZy5Db2RlUGFnZSksICRlbmNvZGluZyk7CgkJfQoJfQoKCSMgR2V0IHRoZSBmaXJzdCBOIGJ5dGVzIGZyb20gdGhlIGZpbGUsIHdoZXJlIE4gaXMgdGhlIG1heCBwcmVhbWJsZSBsZW5ndGggd2Ugc2F3CglbQnl0ZVtdXSRib20gPSBHZXQtQ29udGVudCAtRW5jb2RpbmcgQnl0ZSAtUmVhZENvdW50ICRtYXhfcHJlYW1ibGVfbGVuIC1Ub3RhbENvdW50ICRtYXhfcHJlYW1ibGVfbGVuIC1MaXRlcmFsUGF0aCAkcGF0aDsKCgkjIEl0ZXJhdGUgdGhyb3VnaCB0aGUgc29ydGVkIGVuY29kaW5ncywgbG9va2luZyBmb3IgYSBmdWxsIG1hdGNoLgoJJGZvdW5kID0gJGZhbHNlOwoJRm9yZWFjaCAoJGVuY29kaW5nIGluICRzb3J0ZWRsaXN0LkdldFZhbHVlTGlzdCgpKSB7CgkJJHByZWFtYmxlID0gJGVuY29kaW5nLkdldFByZWFtYmxlKCk7CgkJSWYgKCRwcmVhbWJsZSAtYW5kICRib20pIHsKCQkJRm9yZWFjaCAoJGkgaW4gMC4uKCRwcmVhbWJsZS5MZW5ndGggLSAxKSkgewoJCQkJSWYgKCRpIC1nZSAkYm9tLkxlbmd0aCkgewoJCQkJCWJyZWFrOwoJCQkJfQoJCQkJSWYgKCRwcmVhbWJsZVskaV0gLW5lICRib21bJGldKSB7CgkJCQkJYnJlYWs7CgkJCQl9CgkJCQlFbHNlSWYgKCRpICsgMSAtZXEgJHByZWFtYmxlLkxlbmd0aCkgewoJCQkJCSRlbmNvZGluZ29iaiA9ICRlbmNvZGluZzsKCQkJCQkkZm91bmQgPSAkdHJ1ZTsKCQkJCX0KCQkJfQoJCQlJZiAoJGZvdW5kKSB7CgkJCQlicmVhazsKCQkJfQoJCX0KCX0KfQoKCiMgTWFpbiBkaXNwYXRjaCAtIGJhc2VkIG9uIHRoZSB2YWx1ZSBvZiAnc3RhdGUnLCBwZXJmb3JtIGFyZ3VtZW50IHZhbGlkYXRpb24gYW5kCiMgY2FsbCB0aGUgYXBwcm9wcmlhdGUgaGFuZGxlciBmdW5jdGlvbi4KSWYgKCRzdGF0ZSAtZXEgInByZXNlbnQiKSB7CgoJSWYgKCRiYWNrcmVmcyAtYW5kIC1ub3QgJHJlZ2V4cCkgewoJICAgIEZhaWwtSnNvbiBAe30gInJlZ2V4cD0gaXMgcmVxdWlyZWQgd2l0aCBiYWNrcmVmcz10cnVlIjsKCX0KCglJZiAoLW5vdCAkbGluZSkgewoJCUZhaWwtSnNvbiBAe30gImxpbmU9IGlzIHJlcXVpcmVkIHdpdGggc3RhdGU9cHJlc2VudCI7Cgl9CgoJSWYgKCRpbnNlcnRiZWZvcmUgLWFuZCAkaW5zZXJ0YWZ0ZXIpIHsKCQlBZGQtV2FybmluZyAkcmVzdWx0ICJCb3RoIGluc2VydGJlZm9yZSBhbmQgaW5zZXJ0YWZ0ZXIgcGFyYW1ldGVycyBmb3VuZCwgaWdub3JpbmcgYCJpbnNlcnRhZnRlcj0kaW5zZXJ0YWZ0ZXJgIiIKCX0KCglJZiAoLW5vdCAkaW5zZXJ0YmVmb3JlIC1hbmQgLW5vdCAkaW5zZXJ0YWZ0ZXIpIHsKCQkkaW5zZXJ0YWZ0ZXIgPSAiRU9GIjsKCX0KCglQcmVzZW50ICRwYXRoICRyZWdleHAgJGxpbmUgJGluc2VydGFmdGVyICRpbnNlcnRiZWZvcmUgJGNyZWF0ZSAkYmFja3VwICRiYWNrcmVmcyAkdmFsaWRhdGUgJGVuY29kaW5nb2JqICRsaW5lc2VwICRjaGVja19tb2RlICRkaWZmX3N1cHBvcnQ7Cgp9CkVsc2VJZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewoKCUlmICgtbm90ICRyZWdleHAgLWFuZCAtbm90ICRsaW5lKSB7CgkJRmFpbC1Kc29uIEB7fSAib25lIG9mIGxpbmU9IG9yIHJlZ2V4cD0gaXMgcmVxdWlyZWQgd2l0aCBzdGF0ZT1hYnNlbnQiOwoJfQoKCUFic2VudCAkcGF0aCAkcmVnZXhwICRsaW5lICRiYWNrdXAgJHZhbGlkYXRlICRlbmNvZGluZ29iaiAkbGluZXNlcCAkY2hlY2tfbW9kZSAkZGlmZl9zdXBwb3J0Owp9Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "regexp": "^os-win[^-] *.*(@|<|>|=).*", "newline": "unix", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_check_mode": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\build\\\\requirements\\\\upper-constraints.txt", "line": "os-win @ file:///C:/openstack/build/os-win#egg=os-win", "_ansible_tmpdir": null, "_ansible_module_name": "win_lineinfile", "_ansible_debug": false}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 77f62c9a-5f9d-49b6-9fe8-6863c32d7dde Path:	4104	1		3	2	15	0	1397	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1584	1960	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:32 PM	1909dffc-a75a-0001-25ef-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): WVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCmZ1bmN0aW9uIFdyaXRlTGluZXMoJG91dGxpbmVzLCAkcGF0aCwgJGxpbmVzZXAsICRlbmNvZGluZ29iaiwgJHZhbGlkYXRlLCAkY2hlY2tfbW9kZSkgewoJVHJ5IHsKCQkkdGVtcHBhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRUZW1wRmlsZU5hbWUoKTsKCX0KCUNhdGNoIHsKCQlGYWlsLUpzb24gQHt9ICJDYW5ub3QgY3JlYXRlIHRlbXBvcmFyeSBmaWxlISAoJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkpIjsKCX0KCSRqb2luZWQgPSAkb3V0bGluZXMgLWpvaW4gJGxpbmVzZXA7CglbU3lzdGVtLklPLkZpbGVdOjpXcml0ZUFsbFRleHQoJHRlbXBwYXRoLCAkam9pbmVkLCAkZW5jb2RpbmdvYmopOwoKCUlmICgkdmFsaWRhdGUpIHsKCgkJSWYgKC1ub3QgKCR2YWxpZGF0ZSAtbGlrZSAiKiVzKiIpKSB7CgkJCUZhaWwtSnNvbiBAe30gInZhbGlkYXRlIG11c3QgY29udGFpbiAlczogJHZhbGlkYXRlIjsKCQl9CgoJCSR2YWxpZGF0ZSA9ICR2YWxpZGF0ZS5SZXBsYWNlKCIlcyIsICR0ZW1wcGF0aCk7CgoJCSRwYXJ0cyA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuQXJyYXlMaXN0XSAkdmFsaWRhdGUuU3BsaXQoIiAiKTsKCQkkY21kbmFtZSA9ICRwYXJ0c1swXTsKCgkJJGNtZGFyZ3MgPSAkdmFsaWRhdGUuU3Vic3RyaW5nKCRjbWRuYW1lLkxlbmd0aCArIDEpOwoKCQkkcHJvY2VzcyA9IFtEaWFnbm9zdGljcy5Qcm9jZXNzXTo6U3RhcnQoJGNtZG5hbWUsICRjbWRhcmdzKTsKCQkkcHJvY2Vzcy5XYWl0Rm9yRXhpdCgpOwoKCQlJZiAoJHByb2Nlc3MuRXhpdENvZGUgLW5lIDApIHsKCQkJW3N0cmluZ10gJG91dHB1dCA9ICRwcm9jZXNzLlN0YW5kYXJkT3V0cHV0LlJlYWRUb0VuZCgpOwoJCQlbc3RyaW5nXSAkZXJyb3IgPSAkcHJvY2Vzcy5TdGFuZGFyZEVycm9yLlJlYWRUb0VuZCgpOwoJCQlSZW1vdmUtSXRlbSAkdGVtcHBhdGggLWZvcmNlOwoJCQlGYWlsLUpzb24gQHt9ICJmYWlsZWQgdG8gdmFsaWRhdGUgJGNtZG5hbWUgJGNtZGFyZ3Mgd2l0aCBlcnJvcjogJG91dHB1dCAkZXJyb3IiOwoJCX0KCgl9CgoJIyBDb21taXQgY2hhbmdlcyB0byB0aGUgcGF0aAoJJGNsZWFucGF0aCA9ICRwYXRoLlJlcGxhY2UoIi8iLCAiXCIpOwoJVHJ5IHsKCQlDb3B5LUl0ZW0gJHRlbXBwYXRoICRjbGVhbnBhdGggLWZvcmNlIC1FcnJvckFjdGlvbiBTdG9wIC1XaGF0SWY6JGNoZWNrX21vZGU7Cgl9CglDYXRjaCB7CgkJRmFpbC1Kc29uIEB7fSAiQ2Fubm90IHdyaXRlIHRvOiAkY2xlYW5wYXRoICgkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSkiOwoJfQoKCVRyeSB7CgkJUmVtb3ZlLUl0ZW0gJHRlbXBwYXRoIC1mb3JjZSAtRXJyb3JBY3Rpb24gU3RvcCAtV2hhdElmOiRjaGVja19tb2RlOwoJfQoJQ2F0Y2ggewoJCUZhaWwtSnNvbiBAe30gIkNhbm5vdCByZW1vdmUgdGVtcG9yYXJ5IGZpbGU6ICR0ZW1wcGF0aCAoJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkpIjsKCX0KCglyZXR1cm4gJGpvaW5lZDsKCn0KCgojIEJhY2t1cCB0aGUgZmlsZSBzcGVjaWZpZWQgd2l0aCBhIGRhdGUvdGltZSBmaWxlbmFtZQpmdW5jdGlvbiBCYWNrdXBGaWxlKCRwYXRoLCAkY2hlY2tfbW9kZSkgewoJJGJhY2t1cHBhdGggPSAkcGF0aCArICIuIiArIFtEYXRlVGltZV06Ok5vdy5Ub1N0cmluZygieXl5eU1NZGQtSEhtbXNzIik7CglUcnkgewoJCUNvcHktSXRlbSAkcGF0aCAkYmFja3VwcGF0aCAtV2hhdElmOiRjaGVja19tb2RlOwoJfQoJQ2F0Y2ggewoJCUZhaWwtSnNvbiBAe30gIkNhbm5vdCBjb3B5IGJhY2t1cCBmaWxlISAoJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkpIjsKCX0KCXJldHVybiAkYmFja3VwcGF0aDsKfQoKCiMgSW1wbGVtZW50IHRoZSBmdW5jdGlvbmFsaXR5IGZvciBzdGF0ZSA9PSAncHJlc2VudCcKZnVuY3Rpb24gUHJlc2VudCgkcGF0aCwgJHJlZ2V4cCwgJGxpbmUsICRpbnNlcnRhZnRlciwgJGluc2VydGJlZm9yZSwgJGNyZWF0ZSwgJGJhY2t1cCwgJGJhY2tyZWZzLCAkdmFsaWRhdGUsICRlbmNvZGluZ29iaiwgJGxpbmVzZXAsICRjaGVja19tb2RlLCAkZGlmZl9zdXBwb3J0KSB7CgoJIyBOb3RlIHRoYXQgd2UgaGF2ZSB0byBjbGVhbiB1cCB0aGUgcGF0aCBiZWNhdXNlIGFuc2libGUgd2FudHMgdG8gdHJlYXQgLyBhbmQgXCBhcwoJIyBpbnRlcmNoYW5nZWFibGUgaW4gd2luZG93cyBwYXRobmFtZXMsIGJ1dCAuTkVUIGZyYW1ld29yayBpbnRlcm5hbHMgZG8gbm90IHN1cHBvcnQgdGhhdC4KCSRjbGVhbnBhdGggPSAkcGF0aC5SZXBsYWNlKCIvIiwgIlwiKTsKCgkjIENoZWNrIGlmIHBhdGggZXhpc3RzLiBJZiBpdCBkb2VzIG5vdCBleGlzdCwgZWl0aGVyIGNyZWF0ZSBpdCBpZiBjcmVhdGUgPT0gInllcyIKCSMgd2FzIHNwZWNpZmllZCBvciBmYWlsIHdpdGggYSByZWFzb25hYmxlIGVycm9yIG1lc3NhZ2UuCglJZiAoLW5vdCAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkpIHsKCQlJZiAoLW5vdCAkY3JlYXRlKSB7CgkJCUZhaWwtSnNvbiBAe30gIlBhdGggJHBhdGggZG9lcyBub3QgZXhpc3QgISI7CgkJfQoJCSMgQ3JlYXRlIG5ldyBlbXB0eSBmaWxlLCB1c2luZyB0aGUgc3BlY2lmaWVkIGVuY29kaW5nIHRvIHdyaXRlIGNvcnJlY3QgQk9NCgkJW1N5c3RlbS5JTy5GaWxlXTo6V3JpdGVBbGxMaW5lcygkY2xlYW5wYXRoLCAiIiwgJGVuY29kaW5nb2JqKTsKCX0KCgkjIEluaXRpYWxpemUgcmVzdWx0IGluZm9ybWF0aW9uCgkkcmVzdWx0ID0gQHsKCQliYWNrdXAgPSAiIjsKCQljaGFuZ2VkID0gJGZhbHNlOwoJCW1zZyA9ICIiOwoJfQoKCSMgUmVhZCB0aGUgZGVzdCBmaWxlIGxpbmVzIHVzaW5nIHRoZSBpbmRpY2F0ZWQgZW5jb2RpbmcgaW50byBhIG11dGFibGUgQXJyYXlMaXN0LgoJJGJlZm9yZSA9IFtTeXN0ZW0uSU8uRmlsZV06OlJlYWRBbGxMaW5lcygkY2xlYW5wYXRoLCAkZW5jb2RpbmdvYmopCglJZiAoJGJlZm9yZSAtZXEgJG51bGwpIHsKCQkkbGluZXMgPSBOZXctT2JqZWN0IFN5c3RlbS5Db2xsZWN0aW9ucy5BcnJheUxpc3Q7Cgl9CglFbHNlIHsKCQkkbGluZXMgPSBbU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdF0gJGJlZm9yZTsKCX0KCglpZiAoJGRpZmZfc3VwcG9ydCkgewoJCSRyZXN1bHQuZGlmZiA9IEB7CgkJCWJlZm9yZSA9ICRiZWZvcmUgLWpvaW4gJGxpbmVzZXA7CgkJfQoJfQoKCSMgQ29tcGlsZSB0aGUgcmVnZXggc3BlY2lmaWVkLCBpZiBwcm92aWRlZAoJJG1yZSA9ICRudWxsOwoJSWYgKCRyZWdleHApIHsKCQkkbXJlID0gTmV3LU9iamVjdCBSZWdleCAkcmVnZXhwLCAnQ29tcGlsZWQnOwoJfQoKCSMgQ29tcGlsZSB0aGUgcmVnZXggZm9yIGluc2VydGFmdGVyIG9yIGluc2VydGJlZm9yZSwgaWYgcHJvdmlkZWQKCSRpbnNyZSA9ICRudWxsOwoJSWYgKCRpbnNlcnRhZnRlciAtYW5kICRpbnNlcnRhZnRlciAtbmUgIkJPRiIgLWFuZCAkaW5zZXJ0YWZ0ZXIgLW5lICJFT0YiKSB7CgkJJGluc3JlID0gTmV3LU9iamVjdCBSZWdleCAkaW5zZXJ0YWZ0ZXIsICdDb21waWxlZCc7Cgl9CglFbHNlSWYgKCRpbnNlcnRiZWZvcmUgLWFuZCAkaW5zZXJ0YmVmb3JlIC1uZSAiQk9GIikgewoJCSRpbnNyZSA9IE5ldy1PYmplY3QgUmVnZXggJGluc2VydGJlZm9yZSwgJ0NvbXBpbGVkJzsKCX0KCgkjIGluZGV4WzBdIGlzIHRoZSBsaW5lIG51bSB3aGVyZSByZWdleHAgaGFzIGJlZW4gZm91bmQKCSMgaW5kZXhbMV0gaXMgdGhlIGxpbmUgbnVtIHdoZXJlIGluc2VydGFmdGVyL2luc2VyYmVmb3JlIGhhcyBiZWVuIGZvdW5kCgkkaW5kZXggPSAtMSwgLTE7CgkkbGluZW5vID0gMDsKCgkjIFRoZSBsYXRlc3QgbWF0Y2ggb2JqZWN0IGFuZCBtYXRjaGVkIGxpbmUKCSRtYXRjaGVkX2xpbmUgPSAiIjsKCgkjIEl0ZXJhdGUgdGhyb3VnaCB0aGUgbGluZXMgaW4gdGhlIGZpbGUgbG9va2luZyBmb3IgbWF0Y2hlcwoJRm9yZWFjaCAoJGN1cl9saW5lIGluICRsaW5lcykgewoJCUlmICgkcmVnZXhwKSB7CgkJCSRtID0gJG1yZS5NYXRjaCgkY3VyX2xpbmUpOwoJCQkkbWF0Y2hfZm91bmQgPSAkbS5TdWNjZXNzOwoJCQlJZiAoJG1hdGNoX2ZvdW5kKSB7CgkJCQkkbWF0Y2hlZF9saW5lID0gJGN1cl9saW5lOwoJCQl9CgkJfQoJCUVsc2UgewoJCQkkbWF0Y2hfZm91bmQgPSAkbGluZSAtY2VxICRjdXJfbGluZTsKCQl9CgkJSWYgKCRtYXRjaF9mb3VuZCkgewoJCQkkaW5kZXhbMF0gPSAkbGluZW5vOwoJCX0KCQlFbHNlSWYgKCRpbnNyZSAtYW5kICRpbnNyZS5NYXRjaCgkY3VyX2xpbmUpLlN1Y2Nlc3MpIHsKCQkJSWYgKCRpbnNlcnRhZnRlcikgewoJCQkJJGluZGV4WzFdID0gJGxpbmVubyArIDE7CgkJCX0KCQkJSWYgKCRpbnNlcnRiZWZvcmUpIHsKCQkJCSRpbmRleFsxXSA9ICRsaW5lbm87CgkJCX0KCQl9CgkJJGxpbmVubyA9ICRsaW5lbm8gKyAxOwoJfQoKCUlmICgkaW5kZXhbMF0gLW5lIC0xKSB7CgkJSWYgKCRiYWNrcmVmcykgewoJCSAgICAkbmV3X2xpbmUgPSBbcmVnZXhdOjpSZXBsYWNlKCRtYXRjaGVkX2xpbmUsICRyZWdleHAsICRsaW5lKTsKCQl9CgkJRWxzZSB7CgkJCSRuZXdfbGluZSA9ICRsaW5lOwoJCX0KCQlJZiAoJGxpbmVzWyRpbmRleFswXV0gLWNuZSAkbmV3X2xpbmUpIHsKCQkJJGxpbmVzWyRpbmRleFswXV0gPSAkbmV3X2xpbmU7CgkJCSRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlOwoJCQkkcmVzdWx0Lm1zZyA9ICJsaW5lIHJlcGxhY2VkIjsKCQl9Cgl9CglFbHNlSWYgKCRiYWNrcmVmcykgewoJCSMgTm8gbWF0Y2hlcyAtIG5vLW9wCgl9CglFbHNlSWYgKCRpbnNlcnRiZWZvcmUgLWVxICJCT0YiIC1vciAkaW5zZXJ0YWZ0ZXIgLWVxICJCT0YiKSB7CgkJJGxpbmVzLkluc2VydCgwLCAkbGluZSk7CgkJJHJlc3VsdC5jaGFuZ2VkID0gJHRydWU7CgkJJHJlc3VsdC5tc2cgPSAibGluZSBhZGRlZCI7Cgl9CglFbHNlSWYgKCRpbnNlcnRhZnRlciAtZXEgIkVPRiIgLW9yICRpbmRleFsxXSAtZXEgLTEpIHsKCQkkbGluZXMuQWRkKCRsaW5lKTsKCQkkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZTsKCQkkcmVzdWx0Lm1zZyA9ICJsaW5lIGFkZGVkIjsKCX0KCUVsc2UgewoJCSRsaW5lcy5JbnNlcnQoJGluZGV4WzFdLCAkbGluZSk7CgkJJHJlc3VsdC5jaGFuZ2VkID0gJHRydWU7CgkJJHJlc3VsdC5tc2cgPSAibGluZSBhZGRlZCI7Cgl9CgoJIyBXcml0ZSBjaGFuZ2VzIHRvIHRoZSBwYXRoIGlmIGNoYW5nZXMgd2VyZSBtYWRlCglJZiAoJHJlc3VsdC5jaGFuZ2VkKSB7CgoJCSMgV3JpdGUgYmFja3VwIGZpbGUgaWYgYmFja3VwID09ICJ5ZXMiCgkJSWYgKCRiYWNrdXApIHsKCQkJJHJlc3VsdC5iYWNrdXAgPSBCYWNrdXBGaWxlICRwYXRoICRjaGVja19tb2RlOwoJCX0KCgkJJGFmdGVyID0gV3JpdGVMaW5lcyAkbGluZXMgJHBhdGggJGxpbmVzZXAgJGVuY29kaW5nb2JqICR2YWxpZGF0ZSAkY2hlY2tfbW9kZTsKCgkJaWYgKCRkaWZmX3N1cHBvcnQpIHsKCQkJJHJlc3VsdC5kaWZmLmFmdGVyID0gJGFmdGVyOwoJCX0KCX0KCgkkcmVzdWx0LmVuY29kaW5nID0gJGVuY29kaW5nb2JqLldlYk5hbWU7CgoJRXhpdC1Kc29uICRyZXN1bHQ7Cn0KCgojIEltcGxlbWVudCB0aGUgZnVuY3Rpb25hbGl0eSBmb3Igc3RhdGUgPT0gJ2Fic2VudCcKZnVuY3Rpb24gQWJzZW50KCRwYXRoLCAkcmVnZXhwLCAkbGluZSwgJGJhY2t1cCwgJHZhbGlkYXRlLCAkZW5jb2RpbmdvYmosICRsaW5lc2VwLCAkY2hlY2tfbW9kZSwgJGRpZmZfc3VwcG9ydCkgewoKCSMgQ2hlY2sgaWYgcGF0aCBleGlzdHMuIElmIGl0IGRvZXMgbm90IGV4aXN0LCBmYWlsIHdpdGggYSByZWFzb25hYmxlIGVycm9yIG1lc3NhZ2UuCglJZiAoLW5vdCAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkpIHsKCQlGYWlsLUpzb24gQHt9ICJQYXRoICRwYXRoIGRvZXMgbm90IGV4aXN0ICEiOwoJfQoKCSMgSW5pdGlhbGl6ZSByZXN1bHQgaW5mb3JtYXRpb24KCSRyZXN1bHQgPSBAewoJCWJhY2t1cCA9ICIiOwoJCWNoYW5nZWQgPSAkZmFsc2U7CgkJbXNnID0gIiI7Cgl9CgoJIyBSZWFkIHRoZSBkZXN0IGZpbGUgbGluZXMgdXNpbmcgdGhlIGluZGljYXRlZCBlbmNvZGluZyBpbnRvIGEgbXV0YWJsZSBBcnJheUxpc3QuIE5vdGUKCSMgdGhhdCB3ZSBoYXZlIHRvIGNsZWFuIHVwIHRoZSBwYXRoIGJlY2F1c2UgYW5zaWJsZSB3YW50cyB0byB0cmVhdCAvIGFuZCBcIGFzCgkjIGludGVyY2hhbmdlYWJsZSBpbiB3aW5kb3dzIHBhdGhuYW1lcywgYnV0IC5ORVQgZnJhbWV3b3JrIGludGVybmFscyBkbyBub3Qgc3VwcG9ydCB0aGF0LgoJJGNsZWFucGF0aCA9ICRwYXRoLlJlcGxhY2UoIi8iLCAiXCIpOwoJJGJlZm9yZSA9IFtTeXN0ZW0uSU8uRmlsZV06OlJlYWRBbGxMaW5lcygkY2xlYW5wYXRoLCAkZW5jb2RpbmdvYmopOwoJSWYgKCRiZWZvcmUgLWVxICRudWxsKSB7CgkJJGxpbmVzID0gTmV3LU9iamVjdCBTeXN0ZW0uQ29sbGVjdGlvbnMuQXJyYXlMaXN0OwoJfQoJRWxzZSB7CgkJJGxpbmVzID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5BcnJheUxpc3RdICRiZWZvcmU7Cgl9CgoJaWYgKCRkaWZmX3N1c ScriptBlock ID: 77f62c9a-5f9d-49b6-9fe8-6863c32d7dde Path:	4104	1		3	2	15	0	1396	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1584	1960	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:32 PM	1909dffc-a75a-0001-25ef-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgL ScriptBlock ID: 77f62c9a-5f9d-49b6-9fe8-6863c32d7dde Path:	4104	1		3	2	15	0	1395	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1584	1960	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:32 PM	1909dffc-a75a-0001-25ef-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1394	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1584	3076	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:32 PM	1909dffc-a75a-0001-22ef-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1584 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1393	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1584	2200	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:32 PM	1909dffc-a75a-0001-22ef-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1392	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1584	3076	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:32 PM	1909dffc-a75a-0001-22ef-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1391	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4296	2588	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:30 PM	1909dffc-a75a-0005-3e09-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4296 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1390	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4296	1704	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:30 PM	1909dffc-a75a-0005-3e09-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1389	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4296	2588	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:30 PM	1909dffc-a75a-0005-3e09-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 33a27484-d794-41c9-af82-47275d40679f Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 7ec09c44-3ad0-4bde-bb51-c71dcfacc572 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1388	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4792	4208	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:30 PM	1909dffc-a75a-0004-2638-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: ff10b7e4-b3a2-4439-8064-4c19a06bac3b Path:	4104	1		3	2	15	0	1387	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4792	4956	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:29 PM	1909dffc-a75a-0002-88ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 44ef5856-e6b3-484d-8b48-4a6e659ac0f8 Path:	4104	1		3	2	15	0	1386	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4792	4956	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:29 PM	1909dffc-a75a-0002-81ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 53b5cd60-eccd-42f2-ad37-cc8892705df4 Path:	4104	1		3	2	15	0	1385	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4792	4956	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:29 PM	1909dffc-a75a-0002-72ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (6 of 6): actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 267f56e4-7fd6-4f4c-a0fe-d3f48955eea1 Path:	4104	1		3	2	15	0	1384	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4792	4956	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:29 PM	1909dffc-a75a-0002-6cec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 6): HN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Select-String -path c:\\openstack\\build\\os-win\\\\setup.cfg -pattern \"^name.*=.*\" | % {$_.matches.value.split(\"=\")[1].trim()}", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $ ScriptBlock ID: 267f56e4-7fd6-4f4c-a0fe-d3f48955eea1 Path:	4104	1		3	2	15	0	1383	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4792	4956	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:29 PM	1909dffc-a75a-0002-6cec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 6): gb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0I ScriptBlock ID: 267f56e4-7fd6-4f4c-a0fe-d3f48955eea1 Path:	4104	1		3	2	15	0	1382	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4792	4956	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:29 PM	1909dffc-a75a-0002-6cec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 6): oYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQ ScriptBlock ID: 267f56e4-7fd6-4f4c-a0fe-d3f48955eea1 Path:	4104	1		3	2	15	0	1381	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4792	4956	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:29 PM	1909dffc-a75a-0002-6cec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 6): HVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHR ScriptBlock ID: 267f56e4-7fd6-4f4c-a0fe-d3f48955eea1 Path:	4104	1		3	2	15	0	1380	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4792	4956	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:29 PM	1909dffc-a75a-0002-6cec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 6): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgc ScriptBlock ID: 267f56e4-7fd6-4f4c-a0fe-d3f48955eea1 Path:	4104	1		3	2	15	0	1379	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4792	4956	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:29 PM	1909dffc-a75a-0002-6cec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1378	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4792	4536	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:29 PM	1909dffc-a75a-0003-dbeb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4792 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1377	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4792	4524	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:29 PM	1909dffc-a75a-0003-dbeb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1376	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4792	4536	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:29 PM	1909dffc-a75a-0003-dbeb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1375	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4120	4556	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:27 PM	1909dffc-a75a-0003-cfeb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4120 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1374	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4120	1588	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:27 PM	1909dffc-a75a-0003-cfeb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1373	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4120	4556	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:27 PM	1909dffc-a75a-0003-cfeb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1372	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3956	1540	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:27 PM	1909dffc-a75a-0002-67ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3956 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1371	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3956	4232	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:27 PM	1909dffc-a75a-0002-67ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1370	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3956	1540	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:27 PM	1909dffc-a75a-0002-67ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 7ce52683-00aa-46bc-abdc-4539488d71c9 Path:	4104	1		3	2	15	0	1369	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4068	2468	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:27 PM	1909dffc-a75a-0002-43ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: fcebb37e-8cd2-4989-a627-4cca5dd5c09e Path:	4104	1		3	2	15	0	1368	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4068	1452	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:27 PM	1909dffc-a75a-0003-c9eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 1117df06-1145-44a7-aa16-878615edbff5 Path:	4104	1		3	2	15	0	1367	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4068	1452	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:26 PM	1909dffc-a75a-0002-2cec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): ikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_copy_mode": "single", "_ansible_remote_tmp": "%TEMP%", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "_original_basename": "pip-install-neutron.log", "_ansible_check_mode": false, "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1659547344.99-165038535203617\\source", "_ansible_no_log": false, "_ansible_module_name": "copy", "_ansible_verbosity": 4, "dest": "c:\\openstack\\log\\pip-install-neutron.log", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1659547344.99-165038535203617'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 4850bf7d-07c8-4d10-884a-56e6eaed87d2 Path:	4104	1		3	2	15	0	1366	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4068	1452	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:26 PM	1909dffc-a75a-0002-26ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): GdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lc ScriptBlock ID: 4850bf7d-07c8-4d10-884a-56e6eaed87d2 Path:	4104	1		3	2	15	0	1365	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4068	1452	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:26 PM	1909dffc-a75a-0002-26ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgp ScriptBlock ID: 4850bf7d-07c8-4d10-884a-56e6eaed87d2 Path:	4104	1		3	2	15	0	1364	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4068	1452	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:26 PM	1909dffc-a75a-0002-26ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1363	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4068	2060	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:26 PM	1909dffc-a75a-0003-c4eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4068 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1362	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4068	3788	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:26 PM	1909dffc-a75a-0003-c4eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1361	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4068	2060	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:26 PM	1909dffc-a75a-0003-c4eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1659547344.99-165038535203617\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: bdf055a9-ab90-419f-b0f6-455172836b81 Path:	4104	1		3	2	15	0	1360	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4180	4396	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:26 PM	1909dffc-a75a-0000-d2ef-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1359	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4180	4836	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:26 PM	1909dffc-a75a-0003-c1eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4180 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1358	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4180	4424	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:25 PM	1909dffc-a75a-0003-c1eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1357	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4180	4836	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:25 PM	1909dffc-a75a-0003-c1eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1356	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1464	4688	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:25 PM	1909dffc-a75a-0002-22ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1464 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1355	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1464	4788	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:25 PM	1909dffc-a75a-0002-22ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1354	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1464	4688	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:25 PM	1909dffc-a75a-0002-22ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1353	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2944	4948	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:25 PM	1909dffc-a75a-0003-b5eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2944 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1352	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2944	596	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:25 PM	1909dffc-a75a-0003-b5eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1351	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2944	4948	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:25 PM	1909dffc-a75a-0003-b5eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 2b0267b8-d719-4f24-9b4a-0b9f36b348bb Path:	4104	1		3	2	15	0	1350	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1804	3596	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:24 PM	1909dffc-a75a-0000-b4ef-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: e6a63522-e0e0-4ad0-968f-c7f9f52f81f6 Path:	4104	1		3	2	15	0	1349	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1804	1948	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:24 PM	1909dffc-a75a-0002-0fec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 687de5d2-2588-4448-b4ba-61e045e66376 Path:	4104	1		3	2	15	0	1348	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1804	1948	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:24 PM	1909dffc-a75a-0002-00ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): gICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"symlinks": [], "files": [{"dest": "pip-install-neutron.log", "checksum": "db52f12dbb0a5d12794bcd894f8608e4f637c4f1", "src": "/home/jenkins-slave/.ansible/tmp/ansible-local-5686xtZq9a/tmpFrryD7"}], "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "force": true, "_ansible_no_log": false, "dest": "c:/openstack/log", "directories": [], "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_copy_mode": "query", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null, "_ansible_version": "2.7.0", "_ansible_module_name": "win_copy"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 3a5894bd-2471-4f1c-aa63-027ff6e6b053 Path:	4104	1		3	2	15	0	1347	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1804	1948	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:24 PM	1909dffc-a75a-0002-faeb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): AgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiA ScriptBlock ID: 3a5894bd-2471-4f1c-aa63-027ff6e6b053 Path:	4104	1		3	2	15	0	1346	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1804	1948	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:24 PM	1909dffc-a75a-0002-faeb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgIC ScriptBlock ID: 3a5894bd-2471-4f1c-aa63-027ff6e6b053 Path:	4104	1		3	2	15	0	1345	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1804	1948	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:24 PM	1909dffc-a75a-0002-faeb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1344	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1804	4196	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:24 PM	1909dffc-a75a-0005-1c09-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1804 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1343	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1804	3888	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:24 PM	1909dffc-a75a-0005-1c09-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1342	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1804	4196	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:22:23 PM	1909dffc-a75a-0005-1c09-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1341	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4376	4308	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:51 PM	1909dffc-a75a-0002-e3eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4376 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1340	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4376	5088	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:51 PM	1909dffc-a75a-0002-e3eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1339	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4376	4308	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:51 PM	1909dffc-a75a-0002-e3eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = ebee1549-3943-4353-a44d-4eb5c77239e2 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 3ab69682-1c41-4d94-90f1-99ae8c781f2b Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1338	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3184	3548	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:51 PM	1909dffc-a75a-0003-6feb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 1de622d8-1831-40bc-bb4b-428a6468155c Path:	4104	1		3	2	15	0	1337	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3184	2164	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:51 PM	1909dffc-a75a-0001-d2ee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 52e6c67d-c8c2-442e-a723-8fb9a4d17003 Path:	4104	1		3	2	15	0	1336	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3184	2164	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:51 PM	1909dffc-a75a-0001-cbee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 9665735c-a25d-4e5e-bbe0-b20f42fc4ff7 Path:	4104	1		3	2	15	0	1335	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3184	2164	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:50 PM	1909dffc-a75a-0002-cceb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): s_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: d3f1017d-719a-4c50-8a37-8ceee9d26b4a Path:	4104	1		3	2	15	0	1334	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3184	2164	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:50 PM	1909dffc-a75a-0005-f008-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): CRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "pip install -c c:\\openstack\\build\\requirements\\upper-constraints.txt -U -e c:\\openstack\\build\\neutron", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_o ScriptBlock ID: d3f1017d-719a-4c50-8a37-8ceee9d26b4a Path:	4104	1		3	2	15	0	1333	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3184	2164	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:50 PM	1909dffc-a75a-0005-f008-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): QogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgI ScriptBlock ID: d3f1017d-719a-4c50-8a37-8ceee9d26b4a Path:	4104	1		3	2	15	0	1332	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3184	2164	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:50 PM	1909dffc-a75a-0005-f008-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpK ScriptBlock ID: d3f1017d-719a-4c50-8a37-8ceee9d26b4a Path:	4104	1		3	2	15	0	1331	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3184	2164	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:50 PM	1909dffc-a75a-0005-f008-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1330	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3184	4320	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:50 PM	1909dffc-a75a-0003-5deb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3184 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1329	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3184	1236	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:50 PM	1909dffc-a75a-0003-5deb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1328	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3184	4320	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:50 PM	1909dffc-a75a-0003-5deb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 3bd3aa41-ad66-4f72-a60c-2fb53c274406 Path:	4104	1		3	2	15	0	1327	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1260	2060	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:49 PM	1909dffc-a75a-0002-a2eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 8120e074-d234-4c36-a403-d41924ac2b9e Path:	4104	1		3	2	15	0	1326	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1260	2060	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:48 PM	1909dffc-a75a-0001-a2ee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): nput_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 7f23115e-3b5a-48f5-baaf-d72df80d7034 Path:	4104	1		3	2	15	0	1325	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1260	2060	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:48 PM	1909dffc-a75a-0001-9cee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): WN0aW9ucy5BcnJheUxpc3Q7Cgl9CglFbHNlIHsKCQkkbGluZXMgPSBbU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdF0gJGJlZm9yZTsKCX0KCglpZiAoJGRpZmZfc3VwcG9ydCkgewoJCSRyZXN1bHQuZGlmZiA9IEB7CgkJCWJlZm9yZSA9ICRiZWZvcmUgLWpvaW4gJGxpbmVzZXA7CgkJfQoJfQoKCSMgQ29tcGlsZSB0aGUgcmVnZXggc3BlY2lmaWVkLCBpZiBwcm92aWRlZAoJJG1yZSA9ICRudWxsOwoJSWYgKCRyZWdleHApIHsKCQkkbXJlID0gTmV3LU9iamVjdCBSZWdleCAkcmVnZXhwLCAnQ29tcGlsZWQnOwoJfQoKCSMgQ29tcGlsZSB0aGUgcmVnZXggZm9yIGluc2VydGFmdGVyIG9yIGluc2VydGJlZm9yZSwgaWYgcHJvdmlkZWQKCSRpbnNyZSA9ICRudWxsOwoJSWYgKCRpbnNlcnRhZnRlciAtYW5kICRpbnNlcnRhZnRlciAtbmUgIkJPRiIgLWFuZCAkaW5zZXJ0YWZ0ZXIgLW5lICJFT0YiKSB7CgkJJGluc3JlID0gTmV3LU9iamVjdCBSZWdleCAkaW5zZXJ0YWZ0ZXIsICdDb21waWxlZCc7Cgl9CglFbHNlSWYgKCRpbnNlcnRiZWZvcmUgLWFuZCAkaW5zZXJ0YmVmb3JlIC1uZSAiQk9GIikgewoJCSRpbnNyZSA9IE5ldy1PYmplY3QgUmVnZXggJGluc2VydGJlZm9yZSwgJ0NvbXBpbGVkJzsKCX0KCgkjIGluZGV4WzBdIGlzIHRoZSBsaW5lIG51bSB3aGVyZSByZWdleHAgaGFzIGJlZW4gZm91bmQKCSMgaW5kZXhbMV0gaXMgdGhlIGxpbmUgbnVtIHdoZXJlIGluc2VydGFmdGVyL2luc2VyYmVmb3JlIGhhcyBiZWVuIGZvdW5kCgkkaW5kZXggPSAtMSwgLTE7CgkkbGluZW5vID0gMDsKCgkjIFRoZSBsYXRlc3QgbWF0Y2ggb2JqZWN0IGFuZCBtYXRjaGVkIGxpbmUKCSRtYXRjaGVkX2xpbmUgPSAiIjsKCgkjIEl0ZXJhdGUgdGhyb3VnaCB0aGUgbGluZXMgaW4gdGhlIGZpbGUgbG9va2luZyBmb3IgbWF0Y2hlcwoJRm9yZWFjaCAoJGN1cl9saW5lIGluICRsaW5lcykgewoJCUlmICgkcmVnZXhwKSB7CgkJCSRtID0gJG1yZS5NYXRjaCgkY3VyX2xpbmUpOwoJCQkkbWF0Y2hfZm91bmQgPSAkbS5TdWNjZXNzOwoJCQlJZiAoJG1hdGNoX2ZvdW5kKSB7CgkJCQkkbWF0Y2hlZF9saW5lID0gJGN1cl9saW5lOwoJCQl9CgkJfQoJCUVsc2UgewoJCQkkbWF0Y2hfZm91bmQgPSAkbGluZSAtY2VxICRjdXJfbGluZTsKCQl9CgkJSWYgKCRtYXRjaF9mb3VuZCkgewoJCQkkaW5kZXhbMF0gPSAkbGluZW5vOwoJCX0KCQlFbHNlSWYgKCRpbnNyZSAtYW5kICRpbnNyZS5NYXRjaCgkY3VyX2xpbmUpLlN1Y2Nlc3MpIHsKCQkJSWYgKCRpbnNlcnRhZnRlcikgewoJCQkJJGluZGV4WzFdID0gJGxpbmVubyArIDE7CgkJCX0KCQkJSWYgKCRpbnNlcnRiZWZvcmUpIHsKCQkJCSRpbmRleFsxXSA9ICRsaW5lbm87CgkJCX0KCQl9CgkJJGxpbmVubyA9ICRsaW5lbm8gKyAxOwoJfQoKCUlmICgkaW5kZXhbMF0gLW5lIC0xKSB7CgkJSWYgKCRiYWNrcmVmcykgewoJCSAgICAkbmV3X2xpbmUgPSBbcmVnZXhdOjpSZXBsYWNlKCRtYXRjaGVkX2xpbmUsICRyZWdleHAsICRsaW5lKTsKCQl9CgkJRWxzZSB7CgkJCSRuZXdfbGluZSA9ICRsaW5lOwoJCX0KCQlJZiAoJGxpbmVzWyRpbmRleFswXV0gLWNuZSAkbmV3X2xpbmUpIHsKCQkJJGxpbmVzWyRpbmRleFswXV0gPSAkbmV3X2xpbmU7CgkJCSRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlOwoJCQkkcmVzdWx0Lm1zZyA9ICJsaW5lIHJlcGxhY2VkIjsKCQl9Cgl9CglFbHNlSWYgKCRiYWNrcmVmcykgewoJCSMgTm8gbWF0Y2hlcyAtIG5vLW9wCgl9CglFbHNlSWYgKCRpbnNlcnRiZWZvcmUgLWVxICJCT0YiIC1vciAkaW5zZXJ0YWZ0ZXIgLWVxICJCT0YiKSB7CgkJJGxpbmVzLkluc2VydCgwLCAkbGluZSk7CgkJJHJlc3VsdC5jaGFuZ2VkID0gJHRydWU7CgkJJHJlc3VsdC5tc2cgPSAibGluZSBhZGRlZCI7Cgl9CglFbHNlSWYgKCRpbnNlcnRhZnRlciAtZXEgIkVPRiIgLW9yICRpbmRleFsxXSAtZXEgLTEpIHsKCQkkbGluZXMuQWRkKCRsaW5lKTsKCQkkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZTsKCQkkcmVzdWx0Lm1zZyA9ICJsaW5lIGFkZGVkIjsKCX0KCUVsc2UgewoJCSRsaW5lcy5JbnNlcnQoJGluZGV4WzFdLCAkbGluZSk7CgkJJHJlc3VsdC5jaGFuZ2VkID0gJHRydWU7CgkJJHJlc3VsdC5tc2cgPSAibGluZSBhZGRlZCI7Cgl9CgoJIyBXcml0ZSBjaGFuZ2VzIHRvIHRoZSBwYXRoIGlmIGNoYW5nZXMgd2VyZSBtYWRlCglJZiAoJHJlc3VsdC5jaGFuZ2VkKSB7CgoJCSMgV3JpdGUgYmFja3VwIGZpbGUgaWYgYmFja3VwID09ICJ5ZXMiCgkJSWYgKCRiYWNrdXApIHsKCQkJJHJlc3VsdC5iYWNrdXAgPSBCYWNrdXBGaWxlICRwYXRoICRjaGVja19tb2RlOwoJCX0KCgkJJGFmdGVyID0gV3JpdGVMaW5lcyAkbGluZXMgJHBhdGggJGxpbmVzZXAgJGVuY29kaW5nb2JqICR2YWxpZGF0ZSAkY2hlY2tfbW9kZTsKCgkJaWYgKCRkaWZmX3N1cHBvcnQpIHsKCQkJJHJlc3VsdC5kaWZmLmFmdGVyID0gJGFmdGVyOwoJCX0KCX0KCgkkcmVzdWx0LmVuY29kaW5nID0gJGVuY29kaW5nb2JqLldlYk5hbWU7CgoJRXhpdC1Kc29uICRyZXN1bHQ7Cn0KCgojIEltcGxlbWVudCB0aGUgZnVuY3Rpb25hbGl0eSBmb3Igc3RhdGUgPT0gJ2Fic2VudCcKZnVuY3Rpb24gQWJzZW50KCRwYXRoLCAkcmVnZXhwLCAkbGluZSwgJGJhY2t1cCwgJHZhbGlkYXRlLCAkZW5jb2RpbmdvYmosICRsaW5lc2VwLCAkY2hlY2tfbW9kZSwgJGRpZmZfc3VwcG9ydCkgewoKCSMgQ2hlY2sgaWYgcGF0aCBleGlzdHMuIElmIGl0IGRvZXMgbm90IGV4aXN0LCBmYWlsIHdpdGggYSByZWFzb25hYmxlIGVycm9yIG1lc3NhZ2UuCglJZiAoLW5vdCAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkpIHsKCQlGYWlsLUpzb24gQHt9ICJQYXRoICRwYXRoIGRvZXMgbm90IGV4aXN0ICEiOwoJfQoKCSMgSW5pdGlhbGl6ZSByZXN1bHQgaW5mb3JtYXRpb24KCSRyZXN1bHQgPSBAewoJCWJhY2t1cCA9ICIiOwoJCWNoYW5nZWQgPSAkZmFsc2U7CgkJbXNnID0gIiI7Cgl9CgoJIyBSZWFkIHRoZSBkZXN0IGZpbGUgbGluZXMgdXNpbmcgdGhlIGluZGljYXRlZCBlbmNvZGluZyBpbnRvIGEgbXV0YWJsZSBBcnJheUxpc3QuIE5vdGUKCSMgdGhhdCB3ZSBoYXZlIHRvIGNsZWFuIHVwIHRoZSBwYXRoIGJlY2F1c2UgYW5zaWJsZSB3YW50cyB0byB0cmVhdCAvIGFuZCBcIGFzCgkjIGludGVyY2hhbmdlYWJsZSBpbiB3aW5kb3dzIHBhdGhuYW1lcywgYnV0IC5ORVQgZnJhbWV3b3JrIGludGVybmFscyBkbyBub3Qgc3VwcG9ydCB0aGF0LgoJJGNsZWFucGF0aCA9ICRwYXRoLlJlcGxhY2UoIi8iLCAiXCIpOwoJJGJlZm9yZSA9IFtTeXN0ZW0uSU8uRmlsZV06OlJlYWRBbGxMaW5lcygkY2xlYW5wYXRoLCAkZW5jb2RpbmdvYmopOwoJSWYgKCRiZWZvcmUgLWVxICRudWxsKSB7CgkJJGxpbmVzID0gTmV3LU9iamVjdCBTeXN0ZW0uQ29sbGVjdGlvbnMuQXJyYXlMaXN0OwoJfQoJRWxzZSB7CgkJJGxpbmVzID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5BcnJheUxpc3RdICRiZWZvcmU7Cgl9CgoJaWYgKCRkaWZmX3N1cHBvcnQpIHsKCQkkcmVzdWx0LmRpZmYgPSBAewoJCQliZWZvcmUgPSAkYmVmb3JlIC1qb2luICRsaW5lc2VwOwoJCX0KCX0KCgkjIENvbXBpbGUgdGhlIHJlZ2V4IHNwZWNpZmllZCwgaWYgcHJvdmlkZWQKCSRjcmUgPSAkbnVsbDsKCUlmICgkcmVnZXhwKSB7CgkJJGNyZSA9IE5ldy1PYmplY3QgUmVnZXggJHJlZ2V4cCwgJ0NvbXBpbGVkJzsKCX0KCgkkZm91bmQgPSBOZXctT2JqZWN0IFN5c3RlbS5Db2xsZWN0aW9ucy5BcnJheUxpc3Q7CgkkbGVmdCA9IE5ldy1PYmplY3QgU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdDsKCglGb3JlYWNoICgkY3VyX2xpbmUgaW4gJGxpbmVzKSB7CgkJSWYgKCRyZWdleHApIHsKCQkJJG0gPSAkY3JlLk1hdGNoKCRjdXJfbGluZSk7CgkJCSRtYXRjaF9mb3VuZCA9ICRtLlN1Y2Nlc3M7CgkJfQoJCUVsc2UgewoJCQkkbWF0Y2hfZm91bmQgPSAkbGluZSAtY2VxICRjdXJfbGluZTsKCQl9CgkJSWYgKCRtYXRjaF9mb3VuZCkgewoJCQkkZm91bmQuQWRkKCRjdXJfbGluZSk7CgkJCSRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlOwoJCX0KCQlFbHNlIHsKCQkJJGxlZnQuQWRkKCRjdXJfbGluZSk7CgkJfQoJfQoKCSMgV3JpdGUgY2hhbmdlcyB0byB0aGUgcGF0aCBpZiBjaGFuZ2VzIHdlcmUgbWFkZQoJSWYgKCRyZXN1bHQuY2hhbmdlZCkgewoKCQkjIFdyaXRlIGJhY2t1cCBmaWxlIGlmIGJhY2t1cCA9PSAieWVzIgoJCUlmICgkYmFja3VwKSB7CgkJCSRyZXN1bHQuYmFja3VwID0gQmFja3VwRmlsZSAkcGF0aCAkY2hlY2tfbW9kZTsKCQl9CgoJCSRhZnRlciA9IFdyaXRlTGluZXMgJGxlZnQgJHBhdGggJGxpbmVzZXAgJGVuY29kaW5nb2JqICR2YWxpZGF0ZSAkY2hlY2tfbW9kZTsKCgkJaWYgKCRkaWZmX3N1cHBvcnQpIHsKCQkJJHJlc3VsdC5kaWZmLmFmdGVyID0gJGFmdGVyOwoJCX0KCX0KCgkkcmVzdWx0LmVuY29kaW5nID0gJGVuY29kaW5nb2JqLldlYk5hbWU7CgkkcmVzdWx0LmZvdW5kID0gJGZvdW5kLkNvdW50OwoJJHJlc3VsdC5tc2cgPSAiJCgkZm91bmQuQ291bnQpIGxpbmUocykgcmVtb3ZlZCI7CgoJRXhpdC1Kc29uICRyZXN1bHQ7Cn0KCgojIFBhcnNlIHRoZSBwYXJhbWV0ZXJzIGZpbGUgZHJvcHBlZCBieSB0aGUgQW5zaWJsZSBtYWNoaW5lcnkKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MgLXN1cHBvcnRzX2NoZWNrX21vZGUgJHRydWU7CiRjaGVja19tb2RlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgIl9hbnNpYmxlX2NoZWNrX21vZGUiIC10eXBlICJib29sIiAtZGVmYXVsdCAkZmFsc2U7CiRkaWZmX3N1cHBvcnQgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZTsKCiMgSW5pdGlhbGl6ZSBkZWZhdWx0cyBmb3IgaW5wdXQgcGFyYW1ldGVycy4KJHBhdGggPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAicGF0aCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZSAtYWxpYXNlcyAiZGVzdCIsImRlc3RmaWxlIiwibmFtZSI7CiRyZWdleHAgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAicmVnZXhwIiAtdHlwZSAic3RyIjsKJHN0YXRlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInN0YXRlIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAicHJlc2VudCIgLXZhbGlkYXRlc2V0ICJwcmVzZW50IiwiYWJzZW50IjsKJGxpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAibGluZSIgLXR5cGUgInN0ciI7CiRiYWNrcmVmcyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJiYWNrcmVmcyIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZTsKJGluc2VydGFmdGVyID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImluc2VydGFmdGVyIiAtdHlwZSAic3RyIjsKJGluc2VydGJlZm9yZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJpbnNlcnRiZWZvcmUiIC10eXBlICJzdHIiOwokY3JlYXRlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImNyZWF0ZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZTsKJGJhY2t1cCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJiYWNrdXAiIC10eXBlICJib29sIiAtZGVmYXVsdCAkZmFsc2U7CiR2YWxpZGF0ZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJ2YWxpZGF0ZSIgLXR5cGUgInN0ciI7CiRlbmNvZGluZyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJlbmNvZGluZyIgLXR5cGUgInN0ciIgLWRlZmF1bHQgImF1dG8iOwokbmV3bGluZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJuZXdsaW5lIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAid2luZG93cyIgLXZhbGlkYXRlc2V0ICJ1bml4Iiwid2luZG93cyI7CgojIEZhaWwgaWYgdGhlIHBhdGggaXMgbm90IGEgZmlsZQpJZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCAtUGF0aFR5cGUgImNvbnRhaW5lciIpIHsKCUZhaWwtSnNvbiBAe30gIlBhdGggJHBhdGggaXMgYSBkaXJlY3RvcnkiOwp9CgojIERlZmF1bHQgdG8gd2luZG93cyBsaW5lIHNlcGFyYXRvciAtIHByb2JhYmx5IG1vc3QgY29tbW9uCiRsaW5lc2VwID0gImByYG4iCklmICgkbmV3bGluZSAtZXEgInVuaXgiKSB7CgkkbGluZXNlcCA9ICJgbiI7Cn0KCiMgRmlndXJlIG91dCB0aGUgcHJvcGVyIGVuY29kaW5nIHRvIHVzZSBmb3IgcmVhZGluZyAvIHdyaXRpbmcgdGhlIHRhcmdldCBmaWxlLgoKIyBUaGUgZGVmYXVsdCBlbmNvZGluZyBpcyBVVEYtOCB3aXRob3V0IEJPTQokZW5jb2RpbmdvYmogPSBbU3lzdGVtLlRleHQuVVRGOEVuY29kaW5nXSAkZmFsc2U7CgojIElmIGFuIGV4cGxpY2l0IGVuY29kaW5nIGlzIHNwZWNpZmllZCwgdXNlIHRoYXQgaW5zdGVhZApJZiAoJGVuY29kaW5nIC1uZSAiYXV0byIpIHsKCSRlbmNvZGluZ29iaiA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OkdldEVuY29kaW5nKCRlbmNvZGluZyk7Cn0KCiMgT3RoZXJ3aXNlIHNlZSBpZiB3ZSBjYW4gZGV0ZXJtaW5lIHRoZSBjdXJyZW50IGVuY29kaW5nIG9mIHRoZSB0YXJnZXQgZmlsZS4KIyBJZiB0aGUgZmlsZSBkb2Vzbid0IGV4aXN0IHlldCAoY3JlYXRlID09ICd5ZXMnKSB3ZSB1c2UgdGhlIGRlZmF1bHQgb3IKIyBleHBsaWNpdGx5IHNwZWNpZmllZCBlbmNvZGluZyBzZXQgYWJvdmUuCkVsc2VJZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewoKCSMgR2V0IGEgc29ydGVkIGxpc3Qgb2YgZW5jb2RpbmdzIHdpdGggcHJlYW1ibGVzLCBsb25nZXN0IGZpcnN0CgkkbWF4X3ByZWFtYmxlX2xlbiA9IDA7Cgkkc29ydGVkbGlzdCA9IE5ldy1PYmplY3QgU3lzdGVtLkNvbGxlY3Rpb25zLlNvcnRlZExpc3Q7CglGb3JlYWNoICgkZW5jb2RpbmdpbmZvIGluIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OkdldEVuY29kaW5ncygpKSB7CgkJJGVuY29kaW5nID0gJGVuY29kaW5naW5mby5HZXRFbmNvZGluZygpOwoJCSRwbGVuID0gJGVuY29kaW5nLkdldFByZWFtYmxlKCkuTGVuZ3RoOwoJCUlmICgkcGxlbiAtZ3QgJG1heF9wcmVhbWJsZV9sZW4pIHsKCQkJJG1heF9wcmVhbWJsZV9sZW4gPSAkcGxlbjsKCQl9CgkJSWYgKCRwbGVuIC1ndCAwKSB7CgkJCSRzb3J0ZWRsaXN0LkFkZCgtKCRwbGVuICogMTAwMDAwMCArICRlbmNvZGluZy5Db2RlUGFnZSksICRlbmNvZGluZyk7CgkJfQoJfQoKCSMgR2V0IHRoZSBmaXJzdCBOIGJ5dGVzIGZyb20gdGhlIGZpbGUsIHdoZXJlIE4gaXMgdGhlIG1heCBwcmVhbWJsZSBsZW5ndGggd2Ugc2F3CglbQnl0ZVtdXSRib20gPSBHZXQtQ29udGVudCAtRW5jb2RpbmcgQnl0ZSAtUmVhZENvdW50ICRtYXhfcHJlYW1ibGVfbGVuIC1Ub3RhbENvdW50ICRtYXhfcHJlYW1ibGVfbGVuIC1MaXRlcmFsUGF0aCAkcGF0aDsKCgkjIEl0ZXJhdGUgdGhyb3VnaCB0aGUgc29ydGVkIGVuY29kaW5ncywgbG9va2luZyBmb3IgYSBmdWxsIG1hdGNoLgoJJGZvdW5kID0gJGZhbHNlOwoJRm9yZWFjaCAoJGVuY29kaW5nIGluICRzb3J0ZWRsaXN0LkdldFZhbHVlTGlzdCgpKSB7CgkJJHByZWFtYmxlID0gJGVuY29kaW5nLkdldFByZWFtYmxlKCk7CgkJSWYgKCRwcmVhbWJsZSAtYW5kICRib20pIHsKCQkJRm9yZWFjaCAoJGkgaW4gMC4uKCRwcmVhbWJsZS5MZW5ndGggLSAxKSkgewoJCQkJSWYgKCRpIC1nZSAkYm9tLkxlbmd0aCkgewoJCQkJCWJyZWFrOwoJCQkJfQoJCQkJSWYgKCRwcmVhbWJsZVskaV0gLW5lICRib21bJGldKSB7CgkJCQkJYnJlYWs7CgkJCQl9CgkJCQlFbHNlSWYgKCRpICsgMSAtZXEgJHByZWFtYmxlLkxlbmd0aCkgewoJCQkJCSRlbmNvZGluZ29iaiA9ICRlbmNvZGluZzsKCQkJCQkkZm91bmQgPSAkdHJ1ZTsKCQkJCX0KCQkJfQoJCQlJZiAoJGZvdW5kKSB7CgkJCQlicmVhazsKCQkJfQoJCX0KCX0KfQoKCiMgTWFpbiBkaXNwYXRjaCAtIGJhc2VkIG9uIHRoZSB2YWx1ZSBvZiAnc3RhdGUnLCBwZXJmb3JtIGFyZ3VtZW50IHZhbGlkYXRpb24gYW5kCiMgY2FsbCB0aGUgYXBwcm9wcmlhdGUgaGFuZGxlciBmdW5jdGlvbi4KSWYgKCRzdGF0ZSAtZXEgInByZXNlbnQiKSB7CgoJSWYgKCRiYWNrcmVmcyAtYW5kIC1ub3QgJHJlZ2V4cCkgewoJICAgIEZhaWwtSnNvbiBAe30gInJlZ2V4cD0gaXMgcmVxdWlyZWQgd2l0aCBiYWNrcmVmcz10cnVlIjsKCX0KCglJZiAoLW5vdCAkbGluZSkgewoJCUZhaWwtSnNvbiBAe30gImxpbmU9IGlzIHJlcXVpcmVkIHdpdGggc3RhdGU9cHJlc2VudCI7Cgl9CgoJSWYgKCRpbnNlcnRiZWZvcmUgLWFuZCAkaW5zZXJ0YWZ0ZXIpIHsKCQlBZGQtV2FybmluZyAkcmVzdWx0ICJCb3RoIGluc2VydGJlZm9yZSBhbmQgaW5zZXJ0YWZ0ZXIgcGFyYW1ldGVycyBmb3VuZCwgaWdub3JpbmcgYCJpbnNlcnRhZnRlcj0kaW5zZXJ0YWZ0ZXJgIiIKCX0KCglJZiAoLW5vdCAkaW5zZXJ0YmVmb3JlIC1hbmQgLW5vdCAkaW5zZXJ0YWZ0ZXIpIHsKCQkkaW5zZXJ0YWZ0ZXIgPSAiRU9GIjsKCX0KCglQcmVzZW50ICRwYXRoICRyZWdleHAgJGxpbmUgJGluc2VydGFmdGVyICRpbnNlcnRiZWZvcmUgJGNyZWF0ZSAkYmFja3VwICRiYWNrcmVmcyAkdmFsaWRhdGUgJGVuY29kaW5nb2JqICRsaW5lc2VwICRjaGVja19tb2RlICRkaWZmX3N1cHBvcnQ7Cgp9CkVsc2VJZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewoKCUlmICgtbm90ICRyZWdleHAgLWFuZCAtbm90ICRsaW5lKSB7CgkJRmFpbC1Kc29uIEB7fSAib25lIG9mIGxpbmU9IG9yIHJlZ2V4cD0gaXMgcmVxdWlyZWQgd2l0aCBzdGF0ZT1hYnNlbnQiOwoJfQoKCUFic2VudCAkcGF0aCAkcmVnZXhwICRsaW5lICRiYWNrdXAgJHZhbGlkYXRlICRlbmNvZGluZ29iaiAkbGluZXNlcCAkY2hlY2tfbW9kZSAkZGlmZl9zdXBwb3J0Owp9Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "regexp": "^neutron[^-] *.*(@|<|>|=).*", "newline": "unix", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_check_mode": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\build\\\\requirements\\\\upper-constraints.txt", "line": "neutron @ file:///C:/openstack/build/neutron#egg=neutron", "_ansible_tmpdir": null, "_ansible_module_name": "win_lineinfile", "_ansible_debug": false}} '@ } process { $i ScriptBlock ID: 7f23115e-3b5a-48f5-baaf-d72df80d7034 Path:	4104	1		3	2	15	0	1324	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1260	2060	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:48 PM	1909dffc-a75a-0001-9cee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): pZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCmZ1bmN0aW9uIFdyaXRlTGluZXMoJG91dGxpbmVzLCAkcGF0aCwgJGxpbmVzZXAsICRlbmNvZGluZ29iaiwgJHZhbGlkYXRlLCAkY2hlY2tfbW9kZSkgewoJVHJ5IHsKCQkkdGVtcHBhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRUZW1wRmlsZU5hbWUoKTsKCX0KCUNhdGNoIHsKCQlGYWlsLUpzb24gQHt9ICJDYW5ub3QgY3JlYXRlIHRlbXBvcmFyeSBmaWxlISAoJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkpIjsKCX0KCSRqb2luZWQgPSAkb3V0bGluZXMgLWpvaW4gJGxpbmVzZXA7CglbU3lzdGVtLklPLkZpbGVdOjpXcml0ZUFsbFRleHQoJHRlbXBwYXRoLCAkam9pbmVkLCAkZW5jb2RpbmdvYmopOwoKCUlmICgkdmFsaWRhdGUpIHsKCgkJSWYgKC1ub3QgKCR2YWxpZGF0ZSAtbGlrZSAiKiVzKiIpKSB7CgkJCUZhaWwtSnNvbiBAe30gInZhbGlkYXRlIG11c3QgY29udGFpbiAlczogJHZhbGlkYXRlIjsKCQl9CgoJCSR2YWxpZGF0ZSA9ICR2YWxpZGF0ZS5SZXBsYWNlKCIlcyIsICR0ZW1wcGF0aCk7CgoJCSRwYXJ0cyA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuQXJyYXlMaXN0XSAkdmFsaWRhdGUuU3BsaXQoIiAiKTsKCQkkY21kbmFtZSA9ICRwYXJ0c1swXTsKCgkJJGNtZGFyZ3MgPSAkdmFsaWRhdGUuU3Vic3RyaW5nKCRjbWRuYW1lLkxlbmd0aCArIDEpOwoKCQkkcHJvY2VzcyA9IFtEaWFnbm9zdGljcy5Qcm9jZXNzXTo6U3RhcnQoJGNtZG5hbWUsICRjbWRhcmdzKTsKCQkkcHJvY2Vzcy5XYWl0Rm9yRXhpdCgpOwoKCQlJZiAoJHByb2Nlc3MuRXhpdENvZGUgLW5lIDApIHsKCQkJW3N0cmluZ10gJG91dHB1dCA9ICRwcm9jZXNzLlN0YW5kYXJkT3V0cHV0LlJlYWRUb0VuZCgpOwoJCQlbc3RyaW5nXSAkZXJyb3IgPSAkcHJvY2Vzcy5TdGFuZGFyZEVycm9yLlJlYWRUb0VuZCgpOwoJCQlSZW1vdmUtSXRlbSAkdGVtcHBhdGggLWZvcmNlOwoJCQlGYWlsLUpzb24gQHt9ICJmYWlsZWQgdG8gdmFsaWRhdGUgJGNtZG5hbWUgJGNtZGFyZ3Mgd2l0aCBlcnJvcjogJG91dHB1dCAkZXJyb3IiOwoJCX0KCgl9CgoJIyBDb21taXQgY2hhbmdlcyB0byB0aGUgcGF0aAoJJGNsZWFucGF0aCA9ICRwYXRoLlJlcGxhY2UoIi8iLCAiXCIpOwoJVHJ5IHsKCQlDb3B5LUl0ZW0gJHRlbXBwYXRoICRjbGVhbnBhdGggLWZvcmNlIC1FcnJvckFjdGlvbiBTdG9wIC1XaGF0SWY6JGNoZWNrX21vZGU7Cgl9CglDYXRjaCB7CgkJRmFpbC1Kc29uIEB7fSAiQ2Fubm90IHdyaXRlIHRvOiAkY2xlYW5wYXRoICgkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSkiOwoJfQoKCVRyeSB7CgkJUmVtb3ZlLUl0ZW0gJHRlbXBwYXRoIC1mb3JjZSAtRXJyb3JBY3Rpb24gU3RvcCAtV2hhdElmOiRjaGVja19tb2RlOwoJfQoJQ2F0Y2ggewoJCUZhaWwtSnNvbiBAe30gIkNhbm5vdCByZW1vdmUgdGVtcG9yYXJ5IGZpbGU6ICR0ZW1wcGF0aCAoJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkpIjsKCX0KCglyZXR1cm4gJGpvaW5lZDsKCn0KCgojIEJhY2t1cCB0aGUgZmlsZSBzcGVjaWZpZWQgd2l0aCBhIGRhdGUvdGltZSBmaWxlbmFtZQpmdW5jdGlvbiBCYWNrdXBGaWxlKCRwYXRoLCAkY2hlY2tfbW9kZSkgewoJJGJhY2t1cHBhdGggPSAkcGF0aCArICIuIiArIFtEYXRlVGltZV06Ok5vdy5Ub1N0cmluZygieXl5eU1NZGQtSEhtbXNzIik7CglUcnkgewoJCUNvcHktSXRlbSAkcGF0aCAkYmFja3VwcGF0aCAtV2hhdElmOiRjaGVja19tb2RlOwoJfQoJQ2F0Y2ggewoJCUZhaWwtSnNvbiBAe30gIkNhbm5vdCBjb3B5IGJhY2t1cCBmaWxlISAoJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkpIjsKCX0KCXJldHVybiAkYmFja3VwcGF0aDsKfQoKCiMgSW1wbGVtZW50IHRoZSBmdW5jdGlvbmFsaXR5IGZvciBzdGF0ZSA9PSAncHJlc2VudCcKZnVuY3Rpb24gUHJlc2VudCgkcGF0aCwgJHJlZ2V4cCwgJGxpbmUsICRpbnNlcnRhZnRlciwgJGluc2VydGJlZm9yZSwgJGNyZWF0ZSwgJGJhY2t1cCwgJGJhY2tyZWZzLCAkdmFsaWRhdGUsICRlbmNvZGluZ29iaiwgJGxpbmVzZXAsICRjaGVja19tb2RlLCAkZGlmZl9zdXBwb3J0KSB7CgoJIyBOb3RlIHRoYXQgd2UgaGF2ZSB0byBjbGVhbiB1cCB0aGUgcGF0aCBiZWNhdXNlIGFuc2libGUgd2FudHMgdG8gdHJlYXQgLyBhbmQgXCBhcwoJIyBpbnRlcmNoYW5nZWFibGUgaW4gd2luZG93cyBwYXRobmFtZXMsIGJ1dCAuTkVUIGZyYW1ld29yayBpbnRlcm5hbHMgZG8gbm90IHN1cHBvcnQgdGhhdC4KCSRjbGVhbnBhdGggPSAkcGF0aC5SZXBsYWNlKCIvIiwgIlwiKTsKCgkjIENoZWNrIGlmIHBhdGggZXhpc3RzLiBJZiBpdCBkb2VzIG5vdCBleGlzdCwgZWl0aGVyIGNyZWF0ZSBpdCBpZiBjcmVhdGUgPT0gInllcyIKCSMgd2FzIHNwZWNpZmllZCBvciBmYWlsIHdpdGggYSByZWFzb25hYmxlIGVycm9yIG1lc3NhZ2UuCglJZiAoLW5vdCAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkpIHsKCQlJZiAoLW5vdCAkY3JlYXRlKSB7CgkJCUZhaWwtSnNvbiBAe30gIlBhdGggJHBhdGggZG9lcyBub3QgZXhpc3QgISI7CgkJfQoJCSMgQ3JlYXRlIG5ldyBlbXB0eSBmaWxlLCB1c2luZyB0aGUgc3BlY2lmaWVkIGVuY29kaW5nIHRvIHdyaXRlIGNvcnJlY3QgQk9NCgkJW1N5c3RlbS5JTy5GaWxlXTo6V3JpdGVBbGxMaW5lcygkY2xlYW5wYXRoLCAiIiwgJGVuY29kaW5nb2JqKTsKCX0KCgkjIEluaXRpYWxpemUgcmVzdWx0IGluZm9ybWF0aW9uCgkkcmVzdWx0ID0gQHsKCQliYWNrdXAgPSAiIjsKCQljaGFuZ2VkID0gJGZhbHNlOwoJCW1zZyA9ICIiOwoJfQoKCSMgUmVhZCB0aGUgZGVzdCBmaWxlIGxpbmVzIHVzaW5nIHRoZSBpbmRpY2F0ZWQgZW5jb2RpbmcgaW50byBhIG11dGFibGUgQXJyYXlMaXN0LgoJJGJlZm9yZSA9IFtTeXN0ZW0uSU8uRmlsZV06OlJlYWRBbGxMaW5lcygkY2xlYW5wYXRoLCAkZW5jb2RpbmdvYmopCglJZiAoJGJlZm9yZSAtZXEgJG51bGwpIHsKCQkkbGluZXMgPSBOZXctT2JqZWN0IFN5c3RlbS5Db2xsZ ScriptBlock ID: 7f23115e-3b5a-48f5-baaf-d72df80d7034 Path:	4104	1		3	2	15	0	1323	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1260	2060	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:48 PM	1909dffc-a75a-0001-9cee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyB ScriptBlock ID: 7f23115e-3b5a-48f5-baaf-d72df80d7034 Path:	4104	1		3	2	15	0	1322	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1260	2060	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:48 PM	1909dffc-a75a-0001-9cee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1321	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1260	3768	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:48 PM	1909dffc-a75a-0003-53eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1260 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1320	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1260	1728	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:48 PM	1909dffc-a75a-0003-53eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1319	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1260	3768	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:48 PM	1909dffc-a75a-0003-53eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1318	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4064	1900	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:46 PM	1909dffc-a75a-0003-48eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4064 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1317	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4064	3812	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:46 PM	1909dffc-a75a-0003-48eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1316	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4064	1900	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:46 PM	1909dffc-a75a-0003-48eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = f8d72d00-d0c7-4cbf-b2d9-12e834fc1af7 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = d66718aa-04f6-40c8-9e1f-e015e094f866 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1315	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4160	3912	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:46 PM	1909dffc-a75a-0002-83eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 460ca5e5-ff92-4d88-a041-e8d13dcf8f40 Path:	4104	1		3	2	15	0	1314	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4160	2140	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:45 PM	1909dffc-a75a-0004-b037-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 1a95ac50-7100-4d9e-8a8f-d1504480e1d2 Path:	4104	1		3	2	15	0	1313	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4160	2140	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:45 PM	1909dffc-a75a-0004-a937-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 79554990-76f2-453d-ac97-62ebbbc05757 Path:	4104	1		3	2	15	0	1312	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4160	2140	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:45 PM	1909dffc-a75a-0004-9a37-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): lciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Select-String -path c:\\openstack\\build\\neutron\\\\setup.cfg -pattern \"^name.*=.*\" | % {$_.matches.value.split(\"=\")[1].trim()}", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 6cc35576-c240-43e1-b353-d0532c4918a1 Path:	4104	1		3	2	15	0	1311	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4160	2140	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:45 PM	1909dffc-a75a-0004-9437-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): ICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWR ScriptBlock ID: 6cc35576-c240-43e1-b353-d0532c4918a1 Path:	4104	1		3	2	15	0	1310	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4160	2140	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:45 PM	1909dffc-a75a-0004-9437-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAg ScriptBlock ID: 6cc35576-c240-43e1-b353-d0532c4918a1 Path:	4104	1		3	2	15	0	1309	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4160	2140	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:45 PM	1909dffc-a75a-0004-9437-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1308	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4160	4576	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:45 PM	1909dffc-a75a-0002-73eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4160 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1307	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4160	4660	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:44 PM	1909dffc-a75a-0002-73eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1306	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4160	4576	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:44 PM	1909dffc-a75a-0002-73eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1305	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2388	4700	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:43 PM	1909dffc-a75a-0003-3ceb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2388 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1304	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2388	4124	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:43 PM	1909dffc-a75a-0003-3ceb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1303	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2388	4700	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:43 PM	1909dffc-a75a-0003-3ceb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1302	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4928	1132	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:43 PM	1909dffc-a75a-0003-3beb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4928 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1301	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4928	916	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:43 PM	1909dffc-a75a-0003-3beb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1300	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4928	1132	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:43 PM	1909dffc-a75a-0003-3beb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: bd243cce-aa73-47ff-85b8-34a43add269d Path:	4104	1		3	2	15	0	1299	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3944	4880	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:43 PM	1909dffc-a75a-0004-6337-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 4150d579-c456-4271-9003-25ccf6b30645 Path:	4104	1		3	2	15	0	1298	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3944	3380	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:43 PM	1909dffc-a75a-0004-5637-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 2a633ebc-0159-4bc2-ba95-bab5c0105066 Path:	4104	1		3	2	15	0	1297	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3944	3380	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:42 PM	1909dffc-a75a-0004-4737-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): CAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_copy_mode": "single", "_ansible_remote_tmp": "%TEMP%", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "_original_basename": "pip-install-networking-hyperv.log", "_ansible_check_mode": false, "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1659547300.82-47065599128855\\source", "_ansible_no_log": false, "_ansible_module_name": "copy", "_ansible_verbosity": 4, "dest": "c:\\openstack\\log\\pip-install-networking-hyperv.log", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1659547300.82-47065599128855'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: c63a42ff-c207-4979-b401-647442d0d34e Path:	4104	1		3	2	15	0	1296	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3944	3380	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:42 PM	1909dffc-a75a-0004-4137-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): CAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgI ScriptBlock ID: c63a42ff-c207-4979-b401-647442d0d34e Path:	4104	1		3	2	15	0	1295	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3944	3380	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:42 PM	1909dffc-a75a-0004-4137-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogI ScriptBlock ID: c63a42ff-c207-4979-b401-647442d0d34e Path:	4104	1		3	2	15	0	1294	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3944	3380	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:42 PM	1909dffc-a75a-0004-4137-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1293	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3944	3632	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:42 PM	1909dffc-a75a-0002-68eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3944 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1292	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3944	4384	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:42 PM	1909dffc-a75a-0002-68eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1291	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3944	3632	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:42 PM	1909dffc-a75a-0002-68eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1659547300.82-47065599128855\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: f7263cca-8b76-4a4d-bf29-ef012ba9ce9a Path:	4104	1		3	2	15	0	1290	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	680	2840	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:41 PM	1909dffc-a75a-0002-5feb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1289	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	680	1484	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:41 PM	1909dffc-a75a-0003-36eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 680 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1288	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	680	2812	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:41 PM	1909dffc-a75a-0003-36eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1287	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	680	1484	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:41 PM	1909dffc-a75a-0003-36eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1286	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5068	4972	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:41 PM	1909dffc-a75a-0005-c608-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5068 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1285	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5068	4584	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:41 PM	1909dffc-a75a-0005-c608-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1284	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5068	4972	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:41 PM	1909dffc-a75a-0005-c608-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1283	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1012	2396	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:41 PM	1909dffc-a75a-0005-c208-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1012 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1282	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1012	4628	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:41 PM	1909dffc-a75a-0005-c208-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1281	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1012	2396	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:40 PM	1909dffc-a75a-0005-c208-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: d321da9b-e045-47d9-bcb0-f2c1ae3a9b62 Path:	4104	1		3	2	15	0	1280	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1496	1920	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:40 PM	1909dffc-a75a-0000-4eef-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 19da6b88-1a65-42be-99d8-da73681bc6d8 Path:	4104	1		3	2	15	0	1279	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1496	1576	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:40 PM	1909dffc-a75a-0004-2637-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: d607c2ca-d97d-480f-ac34-dd7e3703d202 Path:	4104	1		3	2	15	0	1278	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1496	1576	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:40 PM	1909dffc-a75a-0005-b408-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): pdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"symlinks": [], "files": [{"dest": "pip-install-networking-hyperv.log", "checksum": "b408d76e85b3a950959bcbd7fb0ea1bb1c5413a2", "src": "/home/jenkins-slave/.ansible/tmp/ansible-local-5686xtZq9a/tmpuTSZDn"}], "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "force": true, "_ansible_no_log": false, "dest": "c:/openstack/log", "directories": [], "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_copy_mode": "query", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null, "_ansible_version": "2.7.0", "_ansible_module_name": "win_copy"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 1e30d8c3-8c14-4ec2-9317-9340739961be Path:	4104	1		3	2	15	0	1277	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1496	1576	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:39 PM	1909dffc-a75a-0004-2037-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): bGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2h ScriptBlock ID: 1e30d8c3-8c14-4ec2-9317-9340739961be Path:	4104	1		3	2	15	0	1276	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1496	1576	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:39 PM	1909dffc-a75a-0004-2037-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1B ScriptBlock ID: 1e30d8c3-8c14-4ec2-9317-9340739961be Path:	4104	1		3	2	15	0	1275	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1496	1576	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:39 PM	1909dffc-a75a-0004-2037-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1274	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1496	2084	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:39 PM	1909dffc-a75a-0003-30eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1496 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1273	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1496	2136	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:39 PM	1909dffc-a75a-0003-30eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1272	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1496	2084	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:21:39 PM	1909dffc-a75a-0003-30eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1271	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4900	4296	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:47 PM	1909dffc-a75a-0004-f536-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4900 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1270	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4900	5096	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:46 PM	1909dffc-a75a-0004-f536-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1269	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4900	4296	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:46 PM	1909dffc-a75a-0004-f536-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 65206ce8-e458-4327-b816-0a693f694aac Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 8d293d84-d4ca-4f63-9100-db8e74441617 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1268	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	2588	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:46 PM	1909dffc-a75a-0003-faea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 9765455e-7582-4ca1-b1d7-108ef5d8d78c Path:	4104	1		3	2	15	0	1267	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	2064	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:46 PM	1909dffc-a75a-0003-dbea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 543c1111-1b2f-403e-925e-db8c61106457 Path:	4104	1		3	2	15	0	1266	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	2064	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:46 PM	1909dffc-a75a-0003-d4ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 6595cf11-cf45-4735-8fb9-2eedff1fd653 Path:	4104	1		3	2	15	0	1265	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	2064	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:45 PM	1909dffc-a75a-0004-e836-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): mFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "pip install -c c:\\openstack\\build\\requirements\\upper-constraints.txt -U -e c:\\openstack\\build\\networking-hyperv", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: f3938848-b3db-4d8c-8a07-848d07e316aa Path:	4104	1		3	2	15	0	1264	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	2064	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:45 PM	1909dffc-a75a-0003-cdea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): iBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhc ScriptBlock ID: f3938848-b3db-4d8c-8a07-848d07e316aa Path:	4104	1		3	2	15	0	1263	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	2064	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:45 PM	1909dffc-a75a-0003-cdea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhc ScriptBlock ID: f3938848-b3db-4d8c-8a07-848d07e316aa Path:	4104	1		3	2	15	0	1262	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	2064	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:45 PM	1909dffc-a75a-0003-cdea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1261	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	2568	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:45 PM	1909dffc-a75a-0005-8308-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4128 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1260	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	2344	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:45 PM	1909dffc-a75a-0005-8308-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1259	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4128	2568	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:45 PM	1909dffc-a75a-0005-8308-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 9079d386-6536-4569-9f2b-17104147ac09 Path:	4104	1		3	2	15	0	1258	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2560	3356	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:44 PM	1909dffc-a75a-0005-6d08-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 61a48781-955b-4f3d-97d4-7b48a08ebeda Path:	4104	1		3	2	15	0	1257	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2560	3356	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:44 PM	1909dffc-a75a-0005-5e08-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): tYWxpYXNlcyAiZGVzdCIsImRlc3RmaWxlIiwibmFtZSI7CiRyZWdleHAgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAicmVnZXhwIiAtdHlwZSAic3RyIjsKJHN0YXRlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInN0YXRlIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAicHJlc2VudCIgLXZhbGlkYXRlc2V0ICJwcmVzZW50IiwiYWJzZW50IjsKJGxpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAibGluZSIgLXR5cGUgInN0ciI7CiRiYWNrcmVmcyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJiYWNrcmVmcyIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZTsKJGluc2VydGFmdGVyID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImluc2VydGFmdGVyIiAtdHlwZSAic3RyIjsKJGluc2VydGJlZm9yZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJpbnNlcnRiZWZvcmUiIC10eXBlICJzdHIiOwokY3JlYXRlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImNyZWF0ZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZTsKJGJhY2t1cCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJiYWNrdXAiIC10eXBlICJib29sIiAtZGVmYXVsdCAkZmFsc2U7CiR2YWxpZGF0ZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJ2YWxpZGF0ZSIgLXR5cGUgInN0ciI7CiRlbmNvZGluZyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJlbmNvZGluZyIgLXR5cGUgInN0ciIgLWRlZmF1bHQgImF1dG8iOwokbmV3bGluZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJuZXdsaW5lIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAid2luZG93cyIgLXZhbGlkYXRlc2V0ICJ1bml4Iiwid2luZG93cyI7CgojIEZhaWwgaWYgdGhlIHBhdGggaXMgbm90IGEgZmlsZQpJZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCAtUGF0aFR5cGUgImNvbnRhaW5lciIpIHsKCUZhaWwtSnNvbiBAe30gIlBhdGggJHBhdGggaXMgYSBkaXJlY3RvcnkiOwp9CgojIERlZmF1bHQgdG8gd2luZG93cyBsaW5lIHNlcGFyYXRvciAtIHByb2JhYmx5IG1vc3QgY29tbW9uCiRsaW5lc2VwID0gImByYG4iCklmICgkbmV3bGluZSAtZXEgInVuaXgiKSB7CgkkbGluZXNlcCA9ICJgbiI7Cn0KCiMgRmlndXJlIG91dCB0aGUgcHJvcGVyIGVuY29kaW5nIHRvIHVzZSBmb3IgcmVhZGluZyAvIHdyaXRpbmcgdGhlIHRhcmdldCBmaWxlLgoKIyBUaGUgZGVmYXVsdCBlbmNvZGluZyBpcyBVVEYtOCB3aXRob3V0IEJPTQokZW5jb2RpbmdvYmogPSBbU3lzdGVtLlRleHQuVVRGOEVuY29kaW5nXSAkZmFsc2U7CgojIElmIGFuIGV4cGxpY2l0IGVuY29kaW5nIGlzIHNwZWNpZmllZCwgdXNlIHRoYXQgaW5zdGVhZApJZiAoJGVuY29kaW5nIC1uZSAiYXV0byIpIHsKCSRlbmNvZGluZ29iaiA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OkdldEVuY29kaW5nKCRlbmNvZGluZyk7Cn0KCiMgT3RoZXJ3aXNlIHNlZSBpZiB3ZSBjYW4gZGV0ZXJtaW5lIHRoZSBjdXJyZW50IGVuY29kaW5nIG9mIHRoZSB0YXJnZXQgZmlsZS4KIyBJZiB0aGUgZmlsZSBkb2Vzbid0IGV4aXN0IHlldCAoY3JlYXRlID09ICd5ZXMnKSB3ZSB1c2UgdGhlIGRlZmF1bHQgb3IKIyBleHBsaWNpdGx5IHNwZWNpZmllZCBlbmNvZGluZyBzZXQgYWJvdmUuCkVsc2VJZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewoKCSMgR2V0IGEgc29ydGVkIGxpc3Qgb2YgZW5jb2RpbmdzIHdpdGggcHJlYW1ibGVzLCBsb25nZXN0IGZpcnN0CgkkbWF4X3ByZWFtYmxlX2xlbiA9IDA7Cgkkc29ydGVkbGlzdCA9IE5ldy1PYmplY3QgU3lzdGVtLkNvbGxlY3Rpb25zLlNvcnRlZExpc3Q7CglGb3JlYWNoICgkZW5jb2RpbmdpbmZvIGluIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OkdldEVuY29kaW5ncygpKSB7CgkJJGVuY29kaW5nID0gJGVuY29kaW5naW5mby5HZXRFbmNvZGluZygpOwoJCSRwbGVuID0gJGVuY29kaW5nLkdldFByZWFtYmxlKCkuTGVuZ3RoOwoJCUlmICgkcGxlbiAtZ3QgJG1heF9wcmVhbWJsZV9sZW4pIHsKCQkJJG1heF9wcmVhbWJsZV9sZW4gPSAkcGxlbjsKCQl9CgkJSWYgKCRwbGVuIC1ndCAwKSB7CgkJCSRzb3J0ZWRsaXN0LkFkZCgtKCRwbGVuICogMTAwMDAwMCArICRlbmNvZGluZy5Db2RlUGFnZSksICRlbmNvZGluZyk7CgkJfQoJfQoKCSMgR2V0IHRoZSBmaXJzdCBOIGJ5dGVzIGZyb20gdGhlIGZpbGUsIHdoZXJlIE4gaXMgdGhlIG1heCBwcmVhbWJsZSBsZW5ndGggd2Ugc2F3CglbQnl0ZVtdXSRib20gPSBHZXQtQ29udGVudCAtRW5jb2RpbmcgQnl0ZSAtUmVhZENvdW50ICRtYXhfcHJlYW1ibGVfbGVuIC1Ub3RhbENvdW50ICRtYXhfcHJlYW1ibGVfbGVuIC1MaXRlcmFsUGF0aCAkcGF0aDsKCgkjIEl0ZXJhdGUgdGhyb3VnaCB0aGUgc29ydGVkIGVuY29kaW5ncywgbG9va2luZyBmb3IgYSBmdWxsIG1hdGNoLgoJJGZvdW5kID0gJGZhbHNlOwoJRm9yZWFjaCAoJGVuY29kaW5nIGluICRzb3J0ZWRsaXN0LkdldFZhbHVlTGlzdCgpKSB7CgkJJHByZWFtYmxlID0gJGVuY29kaW5nLkdldFByZWFtYmxlKCk7CgkJSWYgKCRwcmVhbWJsZSAtYW5kICRib20pIHsKCQkJRm9yZWFjaCAoJGkgaW4gMC4uKCRwcmVhbWJsZS5MZW5ndGggLSAxKSkgewoJCQkJSWYgKCRpIC1nZSAkYm9tLkxlbmd0aCkgewoJCQkJCWJyZWFrOwoJCQkJfQoJCQkJSWYgKCRwcmVhbWJsZVskaV0gLW5lICRib21bJGldKSB7CgkJCQkJYnJlYWs7CgkJCQl9CgkJCQlFbHNlSWYgKCRpICsgMSAtZXEgJHByZWFtYmxlLkxlbmd0aCkgewoJCQkJCSRlbmNvZGluZ29iaiA9ICRlbmNvZGluZzsKCQkJCQkkZm91bmQgPSAkdHJ1ZTsKCQkJCX0KCQkJfQoJCQlJZiAoJGZvdW5kKSB7CgkJCQlicmVhazsKCQkJfQoJCX0KCX0KfQoKCiMgTWFpbiBkaXNwYXRjaCAtIGJhc2VkIG9uIHRoZSB2YWx1ZSBvZiAnc3RhdGUnLCBwZXJmb3JtIGFyZ3VtZW50IHZhbGlkYXRpb24gYW5kCiMgY2FsbCB0aGUgYXBwcm9wcmlhdGUgaGFuZGxlciBmdW5jdGlvbi4KSWYgKCRzdGF0ZSAtZXEgInByZXNlbnQiKSB7CgoJSWYgKCRiYWNrcmVmcyAtYW5kIC1ub3QgJHJlZ2V4cCkgewoJICAgIEZhaWwtSnNvbiBAe30gInJlZ2V4cD0gaXMgcmVxdWlyZWQgd2l0aCBiYWNrcmVmcz10cnVlIjsKCX0KCglJZiAoLW5vdCAkbGluZSkgewoJCUZhaWwtSnNvbiBAe30gImxpbmU9IGlzIHJlcXVpcmVkIHdpdGggc3RhdGU9cHJlc2VudCI7Cgl9CgoJSWYgKCRpbnNlcnRiZWZvcmUgLWFuZCAkaW5zZXJ0YWZ0ZXIpIHsKCQlBZGQtV2FybmluZyAkcmVzdWx0ICJCb3RoIGluc2VydGJlZm9yZSBhbmQgaW5zZXJ0YWZ0ZXIgcGFyYW1ldGVycyBmb3VuZCwgaWdub3JpbmcgYCJpbnNlcnRhZnRlcj0kaW5zZXJ0YWZ0ZXJgIiIKCX0KCglJZiAoLW5vdCAkaW5zZXJ0YmVmb3JlIC1hbmQgLW5vdCAkaW5zZXJ0YWZ0ZXIpIHsKCQkkaW5zZXJ0YWZ0ZXIgPSAiRU9GIjsKCX0KCglQcmVzZW50ICRwYXRoICRyZWdleHAgJGxpbmUgJGluc2VydGFmdGVyICRpbnNlcnRiZWZvcmUgJGNyZWF0ZSAkYmFja3VwICRiYWNrcmVmcyAkdmFsaWRhdGUgJGVuY29kaW5nb2JqICRsaW5lc2VwICRjaGVja19tb2RlICRkaWZmX3N1cHBvcnQ7Cgp9CkVsc2VJZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewoKCUlmICgtbm90ICRyZWdleHAgLWFuZCAtbm90ICRsaW5lKSB7CgkJRmFpbC1Kc29uIEB7fSAib25lIG9mIGxpbmU9IG9yIHJlZ2V4cD0gaXMgcmVxdWlyZWQgd2l0aCBzdGF0ZT1hYnNlbnQiOwoJfQoKCUFic2VudCAkcGF0aCAkcmVnZXhwICRsaW5lICRiYWNrdXAgJHZhbGlkYXRlICRlbmNvZGluZ29iaiAkbGluZXNlcCAkY2hlY2tfbW9kZSAkZGlmZl9zdXBwb3J0Owp9Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "regexp": "^networking-hyperv[^-] *.*(@|<|>|=).*", "newline": "unix", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_check_mode": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\build\\\\requirements\\\\upper-constraints.txt", "line": "networking-hyperv @ file:///C:/openstack/build/networking-hyperv#egg=networking-hyperv", "_ansible_tmpdir": null, "_ansible_module_name": "win_lineinfile", "_ansible_debug": false}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 7366cdd7-fe10-4c63-b93c-a51b892313e1 Path:	4104	1		3	2	15	0	1256	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2560	3356	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:43 PM	1909dffc-a75a-0005-5808-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): zIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCmZ1bmN0aW9uIFdyaXRlTGluZXMoJG91dGxpbmVzLCAkcGF0aCwgJGxpbmVzZXAsICRlbmNvZGluZ29iaiwgJHZhbGlkYXRlLCAkY2hlY2tfbW9kZSkgewoJVHJ5IHsKCQkkdGVtcHBhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRUZW1wRmlsZU5hbWUoKTsKCX0KCUNhdGNoIHsKCQlGYWlsLUpzb24gQHt9ICJDYW5ub3QgY3JlYXRlIHRlbXBvcmFyeSBmaWxlISAoJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkpIjsKCX0KCSRqb2luZWQgPSAkb3V0bGluZXMgLWpvaW4gJGxpbmVzZXA7CglbU3lzdGVtLklPLkZpbGVdOjpXcml0ZUFsbFRleHQoJHRlbXBwYXRoLCAkam9pbmVkLCAkZW5jb2RpbmdvYmopOwoKCUlmICgkdmFsaWRhdGUpIHsKCgkJSWYgKC1ub3QgKCR2YWxpZGF0ZSAtbGlrZSAiKiVzKiIpKSB7CgkJCUZhaWwtSnNvbiBAe30gInZhbGlkYXRlIG11c3QgY29udGFpbiAlczogJHZhbGlkYXRlIjsKCQl9CgoJCSR2YWxpZGF0ZSA9ICR2YWxpZGF0ZS5SZXBsYWNlKCIlcyIsICR0ZW1wcGF0aCk7CgoJCSRwYXJ0cyA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuQXJyYXlMaXN0XSAkdmFsaWRhdGUuU3BsaXQoIiAiKTsKCQkkY21kbmFtZSA9ICRwYXJ0c1swXTsKCgkJJGNtZGFyZ3MgPSAkdmFsaWRhdGUuU3Vic3RyaW5nKCRjbWRuYW1lLkxlbmd0aCArIDEpOwoKCQkkcHJvY2VzcyA9IFtEaWFnbm9zdGljcy5Qcm9jZXNzXTo6U3RhcnQoJGNtZG5hbWUsICRjbWRhcmdzKTsKCQkkcHJvY2Vzcy5XYWl0Rm9yRXhpdCgpOwoKCQlJZiAoJHByb2Nlc3MuRXhpdENvZGUgLW5lIDApIHsKCQkJW3N0cmluZ10gJG91dHB1dCA9ICRwcm9jZXNzLlN0YW5kYXJkT3V0cHV0LlJlYWRUb0VuZCgpOwoJCQlbc3RyaW5nXSAkZXJyb3IgPSAkcHJvY2Vzcy5TdGFuZGFyZEVycm9yLlJlYWRUb0VuZCgpOwoJCQlSZW1vdmUtSXRlbSAkdGVtcHBhdGggLWZvcmNlOwoJCQlGYWlsLUpzb24gQHt9ICJmYWlsZWQgdG8gdmFsaWRhdGUgJGNtZG5hbWUgJGNtZGFyZ3Mgd2l0aCBlcnJvcjogJG91dHB1dCAkZXJyb3IiOwoJCX0KCgl9CgoJIyBDb21taXQgY2hhbmdlcyB0byB0aGUgcGF0aAoJJGNsZWFucGF0aCA9ICRwYXRoLlJlcGxhY2UoIi8iLCAiXCIpOwoJVHJ5IHsKCQlDb3B5LUl0ZW0gJHRlbXBwYXRoICRjbGVhbnBhdGggLWZvcmNlIC1FcnJvckFjdGlvbiBTdG9wIC1XaGF0SWY6JGNoZWNrX21vZGU7Cgl9CglDYXRjaCB7CgkJRmFpbC1Kc29uIEB7fSAiQ2Fubm90IHdyaXRlIHRvOiAkY2xlYW5wYXRoICgkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSkiOwoJfQoKCVRyeSB7CgkJUmVtb3ZlLUl0ZW0gJHRlbXBwYXRoIC1mb3JjZSAtRXJyb3JBY3Rpb24gU3RvcCAtV2hhdElmOiRjaGVja19tb2RlOwoJfQoJQ2F0Y2ggewoJCUZhaWwtSnNvbiBAe30gIkNhbm5vdCByZW1vdmUgdGVtcG9yYXJ5IGZpbGU6ICR0ZW1wcGF0aCAoJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkpIjsKCX0KCglyZXR1cm4gJGpvaW5lZDsKCn0KCgojIEJhY2t1cCB0aGUgZmlsZSBzcGVjaWZpZWQgd2l0aCBhIGRhdGUvdGltZSBmaWxlbmFtZQpmdW5jdGlvbiBCYWNrdXBGaWxlKCRwYXRoLCAkY2hlY2tfbW9kZSkgewoJJGJhY2t1cHBhdGggPSAkcGF0aCArICIuIiArIFtEYXRlVGltZV06Ok5vdy5Ub1N0cmluZygieXl5eU1NZGQtSEhtbXNzIik7CglUcnkgewoJCUNvcHktSXRlbSAkcGF0aCAkYmFja3VwcGF0aCAtV2hhdElmOiRjaGVja19tb2RlOwoJfQoJQ2F0Y2ggewoJCUZhaWwtSnNvbiBAe30gIkNhbm5vdCBjb3B5IGJhY2t1cCBmaWxlISAoJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkpIjsKCX0KCXJldHVybiAkYmFja3VwcGF0aDsKfQoKCiMgSW1wbGVtZW50IHRoZSBmdW5jdGlvbmFsaXR5IGZvciBzdGF0ZSA9PSAncHJlc2VudCcKZnVuY3Rpb24gUHJlc2VudCgkcGF0aCwgJHJlZ2V4cCwgJGxpbmUsICRpbnNlcnRhZnRlciwgJGluc2VydGJlZm9yZSwgJGNyZWF0ZSwgJGJhY2t1cCwgJGJhY2tyZWZzLCAkdmFsaWRhdGUsICRlbmNvZGluZ29iaiwgJGxpbmVzZXAsICRjaGVja19tb2RlLCAkZGlmZl9zdXBwb3J0KSB7CgoJIyBOb3RlIHRoYXQgd2UgaGF2ZSB0byBjbGVhbiB1cCB0aGUgcGF0aCBiZWNhdXNlIGFuc2libGUgd2FudHMgdG8gdHJlYXQgLyBhbmQgXCBhcwoJIyBpbnRlcmNoYW5nZWFibGUgaW4gd2luZG93cyBwYXRobmFtZXMsIGJ1dCAuTkVUIGZyYW1ld29yayBpbnRlcm5hbHMgZG8gbm90IHN1cHBvcnQgdGhhdC4KCSRjbGVhbnBhdGggPSAkcGF0aC5SZXBsYWNlKCIvIiwgIlwiKTsKCgkjIENoZWNrIGlmIHBhdGggZXhpc3RzLiBJZiBpdCBkb2VzIG5vdCBleGlzdCwgZWl0aGVyIGNyZWF0ZSBpdCBpZiBjcmVhdGUgPT0gInllcyIKCSMgd2FzIHNwZWNpZmllZCBvciBmYWlsIHdpdGggYSByZWFzb25hYmxlIGVycm9yIG1lc3NhZ2UuCglJZiAoLW5vdCAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkpIHsKCQlJZiAoLW5vdCAkY3JlYXRlKSB7CgkJCUZhaWwtSnNvbiBAe30gIlBhdGggJHBhdGggZG9lcyBub3QgZXhpc3QgISI7CgkJfQoJCSMgQ3JlYXRlIG5ldyBlbXB0eSBmaWxlLCB1c2luZyB0aGUgc3BlY2lmaWVkIGVuY29kaW5nIHRvIHdyaXRlIGNvcnJlY3QgQk9NCgkJW1N5c3RlbS5JTy5GaWxlXTo6V3JpdGVBbGxMaW5lcygkY2xlYW5wYXRoLCAiIiwgJGVuY29kaW5nb2JqKTsKCX0KCgkjIEluaXRpYWxpemUgcmVzdWx0IGluZm9ybWF0aW9uCgkkcmVzdWx0ID0gQHsKCQliYWNrdXAgPSAiIjsKCQljaGFuZ2VkID0gJGZhbHNlOwoJCW1zZyA9ICIiOwoJfQoKCSMgUmVhZCB0aGUgZGVzdCBmaWxlIGxpbmVzIHVzaW5nIHRoZSBpbmRpY2F0ZWQgZW5jb2RpbmcgaW50byBhIG11dGFibGUgQXJyYXlMaXN0LgoJJGJlZm9yZSA9IFtTeXN0ZW0uSU8uRmlsZV06OlJlYWRBbGxMaW5lcygkY2xlYW5wYXRoLCAkZW5jb2RpbmdvYmopCglJZiAoJGJlZm9yZSAtZXEgJG51bGwpIHsKCQkkbGluZXMgPSBOZXctT2JqZWN0IFN5c3RlbS5Db2xsZWN0aW9ucy5BcnJheUxpc3Q7Cgl9CglFbHNlIHsKCQkkbGluZXMgPSBbU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdF0gJGJlZm9yZTsKCX0KCglpZiAoJGRpZmZfc3VwcG9ydCkgewoJCSRyZXN1bHQuZGlmZiA9IEB7CgkJCWJlZm9yZSA9ICRiZWZvcmUgLWpvaW4gJGxpbmVzZXA7CgkJfQoJfQoKCSMgQ29tcGlsZSB0aGUgcmVnZXggc3BlY2lmaWVkLCBpZiBwcm92aWRlZAoJJG1yZSA9ICRudWxsOwoJSWYgKCRyZWdleHApIHsKCQkkbXJlID0gTmV3LU9iamVjdCBSZWdleCAkcmVnZXhwLCAnQ29tcGlsZWQnOwoJfQoKCSMgQ29tcGlsZSB0aGUgcmVnZXggZm9yIGluc2VydGFmdGVyIG9yIGluc2VydGJlZm9yZSwgaWYgcHJvdmlkZWQKCSRpbnNyZSA9ICRudWxsOwoJSWYgKCRpbnNlcnRhZnRlciAtYW5kICRpbnNlcnRhZnRlciAtbmUgIkJPRiIgLWFuZCAkaW5zZXJ0YWZ0ZXIgLW5lICJFT0YiKSB7CgkJJGluc3JlID0gTmV3LU9iamVjdCBSZWdleCAkaW5zZXJ0YWZ0ZXIsICdDb21waWxlZCc7Cgl9CglFbHNlSWYgKCRpbnNlcnRiZWZvcmUgLWFuZCAkaW5zZXJ0YmVmb3JlIC1uZSAiQk9GIikgewoJCSRpbnNyZSA9IE5ldy1PYmplY3QgUmVnZXggJGluc2VydGJlZm9yZSwgJ0NvbXBpbGVkJzsKCX0KCgkjIGluZGV4WzBdIGlzIHRoZSBsaW5lIG51bSB3aGVyZSByZWdleHAgaGFzIGJlZW4gZm91bmQKCSMgaW5kZXhbMV0gaXMgdGhlIGxpbmUgbnVtIHdoZXJlIGluc2VydGFmdGVyL2luc2VyYmVmb3JlIGhhcyBiZWVuIGZvdW5kCgkkaW5kZXggPSAtMSwgLTE7CgkkbGluZW5vID0gMDsKCgkjIFRoZSBsYXRlc3QgbWF0Y2ggb2JqZWN0IGFuZCBtYXRjaGVkIGxpbmUKCSRtYXRjaGVkX2xpbmUgPSAiIjsKCgkjIEl0ZXJhdGUgdGhyb3VnaCB0aGUgbGluZXMgaW4gdGhlIGZpbGUgbG9va2luZyBmb3IgbWF0Y2hlcwoJRm9yZWFjaCAoJGN1cl9saW5lIGluICRsaW5lcykgewoJCUlmICgkcmVnZXhwKSB7CgkJCSRtID0gJG1yZS5NYXRjaCgkY3VyX2xpbmUpOwoJCQkkbWF0Y2hfZm91bmQgPSAkbS5TdWNjZXNzOwoJCQlJZiAoJG1hdGNoX2ZvdW5kKSB7CgkJCQkkbWF0Y2hlZF9saW5lID0gJGN1cl9saW5lOwoJCQl9CgkJfQoJCUVsc2UgewoJCQkkbWF0Y2hfZm91bmQgPSAkbGluZSAtY2VxICRjdXJfbGluZTsKCQl9CgkJSWYgKCRtYXRjaF9mb3VuZCkgewoJCQkkaW5kZXhbMF0gPSAkbGluZW5vOwoJCX0KCQlFbHNlSWYgKCRpbnNyZSAtYW5kICRpbnNyZS5NYXRjaCgkY3VyX2xpbmUpLlN1Y2Nlc3MpIHsKCQkJSWYgKCRpbnNlcnRhZnRlcikgewoJCQkJJGluZGV4WzFdID0gJGxpbmVubyArIDE7CgkJCX0KCQkJSWYgKCRpbnNlcnRiZWZvcmUpIHsKCQkJCSRpbmRleFsxXSA9ICRsaW5lbm87CgkJCX0KCQl9CgkJJGxpbmVubyA9ICRsaW5lbm8gKyAxOwoJfQoKCUlmICgkaW5kZXhbMF0gLW5lIC0xKSB7CgkJSWYgKCRiYWNrcmVmcykgewoJCSAgICAkbmV3X2xpbmUgPSBbcmVnZXhdOjpSZXBsYWNlKCRtYXRjaGVkX2xpbmUsICRyZWdleHAsICRsaW5lKTsKCQl9CgkJRWxzZSB7CgkJCSRuZXdfbGluZSA9ICRsaW5lOwoJCX0KCQlJZiAoJGxpbmVzWyRpbmRleFswXV0gLWNuZSAkbmV3X2xpbmUpIHsKCQkJJGxpbmVzWyRpbmRleFswXV0gPSAkbmV3X2xpbmU7CgkJCSRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlOwoJCQkkcmVzdWx0Lm1zZyA9ICJsaW5lIHJlcGxhY2VkIjsKCQl9Cgl9CglFbHNlSWYgKCRiYWNrcmVmcykgewoJCSMgTm8gbWF0Y2hlcyAtIG5vLW9wCgl9CglFbHNlSWYgKCRpbnNlcnRiZWZvcmUgLWVxICJCT0YiIC1vciAkaW5zZXJ0YWZ0ZXIgLWVxICJCT0YiKSB7CgkJJGxpbmVzLkluc2VydCgwLCAkbGluZSk7CgkJJHJlc3VsdC5jaGFuZ2VkID0gJHRydWU7CgkJJHJlc3VsdC5tc2cgPSAibGluZSBhZGRlZCI7Cgl9CglFbHNlSWYgKCRpbnNlcnRhZnRlciAtZXEgIkVPRiIgLW9yICRpbmRleFsxXSAtZXEgLTEpIHsKCQkkbGluZXMuQWRkKCRsaW5lKTsKCQkkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZTsKCQkkcmVzdWx0Lm1zZyA9ICJsaW5lIGFkZGVkIjsKCX0KCUVsc2UgewoJCSRsaW5lcy5JbnNlcnQoJGluZGV4WzFdLCAkbGluZSk7CgkJJHJlc3VsdC5jaGFuZ2VkID0gJHRydWU7CgkJJHJlc3VsdC5tc2cgPSAibGluZSBhZGRlZCI7Cgl9CgoJIyBXcml0ZSBjaGFuZ2VzIHRvIHRoZSBwYXRoIGlmIGNoYW5nZXMgd2VyZSBtYWRlCglJZiAoJHJlc3VsdC5jaGFuZ2VkKSB7CgoJCSMgV3JpdGUgYmFja3VwIGZpbGUgaWYgYmFja3VwID09ICJ5ZXMiCgkJSWYgKCRiYWNrdXApIHsKCQkJJHJlc3VsdC5iYWNrdXAgPSBCYWNrdXBGaWxlICRwYXRoICRjaGVja19tb2RlOwoJCX0KCgkJJGFmdGVyID0gV3JpdGVMaW5lcyAkbGluZXMgJHBhdGggJGxpbmVzZXAgJGVuY29kaW5nb2JqICR2YWxpZGF0ZSAkY2hlY2tfbW9kZTsKCgkJaWYgKCRkaWZmX3N1cHBvcnQpIHsKCQkJJHJlc3VsdC5kaWZmLmFmdGVyID0gJGFmdGVyOwoJCX0KCX0KCgkkcmVzdWx0LmVuY29kaW5nID0gJGVuY29kaW5nb2JqLldlYk5hbWU7CgoJRXhpdC1Kc29uICRyZXN1bHQ7Cn0KCgojIEltcGxlbWVudCB0aGUgZnVuY3Rpb25hbGl0eSBmb3Igc3RhdGUgPT0gJ2Fic2VudCcKZnVuY3Rpb24gQWJzZW50KCRwYXRoLCAkcmVnZXhwLCAkbGluZSwgJGJhY2t1cCwgJHZhbGlkYXRlLCAkZW5jb2RpbmdvYmosICRsaW5lc2VwLCAkY2hlY2tfbW9kZSwgJGRpZmZfc3VwcG9ydCkgewoKCSMgQ2hlY2sgaWYgcGF0aCBleGlzdHMuIElmIGl0IGRvZXMgbm90IGV4aXN0LCBmYWlsIHdpdGggYSByZWFzb25hYmxlIGVycm9yIG1lc3NhZ2UuCglJZiAoLW5vdCAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkpIHsKCQlGYWlsLUpzb24gQHt9ICJQYXRoICRwYXRoIGRvZXMgbm90IGV4aXN0ICEiOwoJfQoKCSMgSW5pdGlhbGl6ZSByZXN1bHQgaW5mb3JtYXRpb24KCSRyZXN1bHQgPSBAewoJCWJhY2t1cCA9ICIiOwoJCWNoYW5nZWQgPSAkZmFsc2U7CgkJbXNnID0gIiI7Cgl9CgoJIyBSZWFkIHRoZSBkZXN0IGZpbGUgbGluZXMgdXNpbmcgdGhlIGluZGljYXRlZCBlbmNvZGluZyBpbnRvIGEgbXV0YWJsZSBBcnJheUxpc3QuIE5vdGUKCSMgdGhhdCB3ZSBoYXZlIHRvIGNsZWFuIHVwIHRoZSBwYXRoIGJlY2F1c2UgYW5zaWJsZSB3YW50cyB0byB0cmVhdCAvIGFuZCBcIGFzCgkjIGludGVyY2hhbmdlYWJsZSBpbiB3aW5kb3dzIHBhdGhuYW1lcywgYnV0IC5ORVQgZnJhbWV3b3JrIGludGVybmFscyBkbyBub3Qgc3VwcG9ydCB0aGF0LgoJJGNsZWFucGF0aCA9ICRwYXRoLlJlcGxhY2UoIi8iLCAiXCIpOwoJJGJlZm9yZSA9IFtTeXN0ZW0uSU8uRmlsZV06OlJlYWRBbGxMaW5lcygkY2xlYW5wYXRoLCAkZW5jb2RpbmdvYmopOwoJSWYgKCRiZWZvcmUgLWVxICRudWxsKSB7CgkJJGxpbmVzID0gTmV3LU9iamVjdCBTeXN0ZW0uQ29sbGVjdGlvbnMuQXJyYXlMaXN0OwoJfQoJRWxzZSB7CgkJJGxpbmVzID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5BcnJheUxpc3RdICRiZWZvcmU7Cgl9CgoJaWYgKCRkaWZmX3N1cHBvcnQpIHsKCQkkcmVzdWx0LmRpZmYgPSBAewoJCQliZWZvcmUgPSAkYmVmb3JlIC1qb2luICRsaW5lc2VwOwoJCX0KCX0KCgkjIENvbXBpbGUgdGhlIHJlZ2V4IHNwZWNpZmllZCwgaWYgcHJvdmlkZWQKCSRjcmUgPSAkbnVsbDsKCUlmICgkcmVnZXhwKSB7CgkJJGNyZSA9IE5ldy1PYmplY3QgUmVnZXggJHJlZ2V4cCwgJ0NvbXBpbGVkJzsKCX0KCgkkZm91bmQgPSBOZXctT2JqZWN0IFN5c3RlbS5Db2xsZWN0aW9ucy5BcnJheUxpc3Q7CgkkbGVmdCA9IE5ldy1PYmplY3QgU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdDsKCglGb3JlYWNoICgkY3VyX2xpbmUgaW4gJGxpbmVzKSB7CgkJSWYgKCRyZWdleHApIHsKCQkJJG0gPSAkY3JlLk1hdGNoKCRjdXJfbGluZSk7CgkJCSRtYXRjaF9mb3VuZCA9ICRtLlN1Y2Nlc3M7CgkJfQoJCUVsc2UgewoJCQkkbWF0Y2hfZm91bmQgPSAkbGluZSAtY2VxICRjdXJfbGluZTsKCQl9CgkJSWYgKCRtYXRjaF9mb3VuZCkgewoJCQkkZm91bmQuQWRkKCRjdXJfbGluZSk7CgkJCSRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlOwoJCX0KCQlFbHNlIHsKCQkJJGxlZnQuQWRkKCRjdXJfbGluZSk7CgkJfQoJfQoKCSMgV3JpdGUgY2hhbmdlcyB0byB0aGUgcGF0aCBpZiBjaGFuZ2VzIHdlcmUgbWFkZQoJSWYgKCRyZXN1bHQuY2hhbmdlZCkgewoKCQkjIFdyaXRlIGJhY2t1cCBmaWxlIGlmIGJhY2t1cCA9PSAieWVzIgoJCUlmICgkYmFja3VwKSB7CgkJCSRyZXN1bHQuYmFja3VwID0gQmFja3VwRmlsZSAkcGF0aCAkY2hlY2tfbW9kZTsKCQl9CgoJCSRhZnRlciA9IFdyaXRlTGluZXMgJGxlZnQgJHBhdGggJGxpbmVzZXAgJGVuY29kaW5nb2JqICR2YWxpZGF0ZSAkY2hlY2tfbW9kZTsKCgkJaWYgKCRkaWZmX3N1cHBvcnQpIHsKCQkJJHJlc3VsdC5kaWZmLmFmdGVyID0gJGFmdGVyOwoJCX0KCX0KCgkkcmVzdWx0LmVuY29kaW5nID0gJGVuY29kaW5nb2JqLldlYk5hbWU7CgkkcmVzdWx0LmZvdW5kID0gJGZvdW5kLkNvdW50OwoJJHJlc3VsdC5tc2cgPSAiJCgkZm91bmQuQ291bnQpIGxpbmUocykgcmVtb3ZlZCI7CgoJRXhpdC1Kc29uICRyZXN1bHQ7Cn0KCgojIFBhcnNlIHRoZSBwYXJhbWV0ZXJzIGZpbGUgZHJvcHBlZCBieSB0aGUgQW5zaWJsZSBtYWNoaW5lcnkKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MgLXN1cHBvcnRzX2NoZWNrX21vZGUgJHRydWU7CiRjaGVja19tb2RlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgIl9hbnNpYmxlX2NoZWNrX21vZGUiIC10eXBlICJib29sIiAtZGVmYXVsdCAkZmFsc2U7CiRkaWZmX3N1cHBvcnQgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZTsKCiMgSW5pdGlhbGl6ZSBkZWZhdWx0cyBmb3IgaW5wdXQgcGFyYW1ldGVycy4KJHBhdGggPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAicGF0aCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZSA ScriptBlock ID: 7366cdd7-fe10-4c63-b93c-a51b892313e1 Path:	4104	1		3	2	15	0	1255	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2560	3356	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:43 PM	1909dffc-a75a-0005-5808-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): c3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmV ScriptBlock ID: 7366cdd7-fe10-4c63-b93c-a51b892313e1 Path:	4104	1		3	2	15	0	1254	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2560	3356	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:43 PM	1909dffc-a75a-0005-5808-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmly ScriptBlock ID: 7366cdd7-fe10-4c63-b93c-a51b892313e1 Path:	4104	1		3	2	15	0	1253	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2560	3356	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:43 PM	1909dffc-a75a-0005-5808-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1252	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2560	3104	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:43 PM	1909dffc-a75a-0001-e9ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2560 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1251	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2560	2604	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:43 PM	1909dffc-a75a-0001-e9ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1250	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2560	3104	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:43 PM	1909dffc-a75a-0001-e9ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1249	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2852	2308	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:41 PM	1909dffc-a75a-0005-5308-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 2852 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1248	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2852	1764	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:41 PM	1909dffc-a75a-0005-5308-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1247	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	2852	2308	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:41 PM	1909dffc-a75a-0005-5308-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 00ad99e9-dbfa-421a-80cd-e443c6996ea5 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 09c0f412-032b-4a1a-b023-00701791fc6d Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1246	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4972	1724	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:41 PM	1909dffc-a75a-0000-feee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 069124b5-33c7-4133-963f-8a0c21bbace3 Path:	4104	1		3	2	15	0	1245	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4972	1988	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:40 PM	1909dffc-a75a-0004-c136-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: fbeced39-f38b-47a3-8a99-36b91082eb81 Path:	4104	1		3	2	15	0	1244	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4972	1988	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:40 PM	1909dffc-a75a-0004-ba36-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 9b167d77-21ba-4644-b5f8-c034cc78bd6f Path:	4104	1		3	2	15	0	1243	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4972	1988	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:40 PM	1909dffc-a75a-0004-ab36-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): te/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 0de18491-0ee1-4233-81f2-04b4b62aea0e Path:	4104	1		3	2	15	0	1242	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4972	1988	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:40 PM	1909dffc-a75a-0004-a536-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): XEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Select-String -path c:\\openstack\\build\\networking-hyperv\\\\setup.cfg -pattern \"^name.*=.*\" | % {$_.matches.value.split(\"=\")[1].trim()}", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically crea ScriptBlock ID: 0de18491-0ee1-4233-81f2-04b4b62aea0e Path:	4104	1		3	2	15	0	1241	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4972	1988	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:40 PM	1909dffc-a75a-0004-a536-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): CBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZ ScriptBlock ID: 0de18491-0ee1-4233-81f2-04b4b62aea0e Path:	4104	1		3	2	15	0	1240	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4972	1988	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:40 PM	1909dffc-a75a-0004-a536-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgI ScriptBlock ID: 0de18491-0ee1-4233-81f2-04b4b62aea0e Path:	4104	1		3	2	15	0	1239	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4972	1988	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:40 PM	1909dffc-a75a-0004-a536-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1238	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4972	4628	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:40 PM	1909dffc-a75a-0005-5208-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4972 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1237	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4972	1980	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:40 PM	1909dffc-a75a-0005-5208-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1236	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4972	4628	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:40 PM	1909dffc-a75a-0005-5208-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1235	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3640	536	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:39 PM	1909dffc-a75a-0005-4908-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3640 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1234	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3640	1412	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:39 PM	1909dffc-a75a-0005-4908-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1233	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3640	536	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:38 PM	1909dffc-a75a-0005-4908-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1232	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1992	4952	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:38 PM	1909dffc-a75a-0003-82ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1992 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1231	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1992	4756	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:38 PM	1909dffc-a75a-0003-82ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1230	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1992	4952	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:38 PM	1909dffc-a75a-0003-82ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: bbab10ae-9399-4761-9aff-bb6b84fddf0a Path:	4104	1		3	2	15	0	1229	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1152	1160	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:38 PM	1909dffc-a75a-0000-ceee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: a05d51d3-376e-45e8-a2c3-e76d28ef103a Path:	4104	1		3	2	15	0	1228	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1152	4220	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:38 PM	1909dffc-a75a-0001-c4ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: e5a21ee3-bbe7-414e-8438-8eb4e34e133c Path:	4104	1		3	2	15	0	1227	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1152	4220	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:37 PM	1909dffc-a75a-0000-c1ee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): CAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_copy_mode": "single", "_ansible_remote_tmp": "%TEMP%", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "_original_basename": "pip-install-nova.log", "_ansible_check_mode": false, "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1659547176.09-168789455811718\\source", "_ansible_no_log": false, "_ansible_module_name": "copy", "_ansible_verbosity": 4, "dest": "c:\\openstack\\log\\pip-install-nova.log", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1659547176.09-168789455811718'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: fcabf9cd-dfd9-479e-ab19-64be027d8c62 Path:	4104	1		3	2	15	0	1226	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1152	4220	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:37 PM	1909dffc-a75a-0000-bbee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): CAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzd ScriptBlock ID: fcabf9cd-dfd9-479e-ab19-64be027d8c62 Path:	4104	1		3	2	15	0	1225	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1152	4220	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:37 PM	1909dffc-a75a-0000-bbee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKI ScriptBlock ID: fcabf9cd-dfd9-479e-ab19-64be027d8c62 Path:	4104	1		3	2	15	0	1224	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1152	4220	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:37 PM	1909dffc-a75a-0000-bbee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1223	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1152	4872	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:37 PM	1909dffc-a75a-0003-7dea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 1152 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1222	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1152	4164	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:37 PM	1909dffc-a75a-0003-7dea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1221	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	1152	4872	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:37 PM	1909dffc-a75a-0003-7dea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1659547176.09-168789455811718\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: f9b2fe57-3629-40dc-aeba-1b19f151e9a8 Path:	4104	1		3	2	15	0	1220	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4944	2164	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:37 PM	1909dffc-a75a-0004-7636-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1219	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4944	1536	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:37 PM	1909dffc-a75a-0002-18eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4944 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1218	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4944	5048	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:37 PM	1909dffc-a75a-0002-18eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1217	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4944	1536	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:37 PM	1909dffc-a75a-0002-18eb-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1216	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3604	4168	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:36 PM	1909dffc-a75a-0003-7bea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3604 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1215	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3604	188	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:36 PM	1909dffc-a75a-0003-7bea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1214	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3604	4168	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:36 PM	1909dffc-a75a-0003-7bea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1213	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3092	3184	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:36 PM	1909dffc-a75a-0000-b3ee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3092 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1212	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3092	3484	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:36 PM	1909dffc-a75a-0000-b3ee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1211	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3092	3184	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:36 PM	1909dffc-a75a-0000-b3ee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 570a26f0-d007-4d40-ad61-1e3ca5bcba6c Path:	4104	1		3	2	15	0	1210	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4364	4104	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:35 PM	1909dffc-a75a-0000-97ee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 6b7db494-42a3-4eaf-bd99-5300d0de1af6 Path:	4104	1		3	2	15	0	1209	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4364	1460	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:35 PM	1909dffc-a75a-0004-6436-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 9948511c-27df-421a-92c2-ec141451d747 Path:	4104	1		3	2	15	0	1208	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4364	1460	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:35 PM	1909dffc-a75a-0005-3108-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"symlinks": [], "files": [{"dest": "pip-install-nova.log", "checksum": "ab0523f91bc3b3f0441fb81aed9f1725b4bb0894", "src": "/home/jenkins-slave/.ansible/tmp/ansible-local-5686xtZq9a/tmpU2Zek9"}], "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "force": true, "_ansible_no_log": false, "dest": "c:/openstack/log", "directories": [], "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_copy_mode": "query", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null, "_ansible_version": "2.7.0", "_ansible_module_name": "win_copy"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 5315b046-2065-46d0-aa84-c7bee98adce0 Path:	4104	1		3	2	15	0	1207	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4364	1460	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:35 PM	1909dffc-a75a-0005-2b08-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): 3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2 ScriptBlock ID: 5315b046-2065-46d0-aa84-c7bee98adce0 Path:	4104	1		3	2	15	0	1206	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4364	1460	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:35 PM	1909dffc-a75a-0005-2b08-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): wogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY ScriptBlock ID: 5315b046-2065-46d0-aa84-c7bee98adce0 Path:	4104	1		3	2	15	0	1205	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4364	1460	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:35 PM	1909dffc-a75a-0005-2b08-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkge ScriptBlock ID: 5315b046-2065-46d0-aa84-c7bee98adce0 Path:	4104	1		3	2	15	0	1204	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4364	1460	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:35 PM	1909dffc-a75a-0005-2b08-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1203	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4364	1452	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:35 PM	1909dffc-a75a-0003-70ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4364 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1202	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4364	2332	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:35 PM	1909dffc-a75a-0003-70ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1201	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4364	1452	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:19:34 PM	1909dffc-a75a-0003-70ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1200	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4800	4432	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:07 PM	1909dffc-a75a-0003-45ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4800 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1199	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4800	3692	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:07 PM	1909dffc-a75a-0003-45ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1198	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4800	4432	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:07 PM	1909dffc-a75a-0003-45ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 2a94a0db-e7a3-4a4a-8b72-91b9d88c20ed Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 0abbdec3-a615-4fae-ab2a-a842b06dd049 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1197	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4544	4516	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:07 PM	1909dffc-a75a-0000-3eee-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: dafd3cd7-cbeb-4c7d-af7f-f79e6792605a Path:	4104	1		3	2	15	0	1196	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4544	4776	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:06 PM	1909dffc-a75a-0003-35ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: ba1e0c03-907a-4e2b-9fbf-b91990e79cf5 Path:	4104	1		3	2	15	0	1195	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4544	4776	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:06 PM	1909dffc-a75a-0005-db07-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: ce8b5cee-654e-4db1-b44c-de975c5b606c Path:	4104	1		3	2	15	0	1194	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4544	4776	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:06 PM	1909dffc-a75a-0003-24ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 4): ogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "pip install -c c:\\openstack\\build\\requirements\\upper-constraints.txt -U -e c:\\openstack\\build\\nova", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: cb1dd7af-81d8-44f9-b6b7-0463f13b2472 Path:	4104	1		3	2	15	0	1193	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4544	4776	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:06 PM	1909dffc-a75a-0003-1eea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 4): iAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYm ScriptBlock ID: cb1dd7af-81d8-44f9-b6b7-0463f13b2472 Path:	4104	1		3	2	15	0	1192	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4544	4776	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:06 PM	1909dffc-a75a-0003-1eea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 4): HdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpb ScriptBlock ID: cb1dd7af-81d8-44f9-b6b7-0463f13b2472 Path:	4104	1		3	2	15	0	1191	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4544	4776	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:06 PM	1909dffc-a75a-0003-1eea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 4): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsI ScriptBlock ID: cb1dd7af-81d8-44f9-b6b7-0463f13b2472 Path:	4104	1		3	2	15	0	1190	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4544	4776	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:06 PM	1909dffc-a75a-0003-1eea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1189	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4544	596	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:06 PM	1909dffc-a75a-0003-1cea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4544 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1188	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4544	1464	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:06 PM	1909dffc-a75a-0003-1cea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1187	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4544	596	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:06 PM	1909dffc-a75a-0003-1cea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 96a8d516-4f75-4899-9c71-36c8d960ad30 Path:	4104	1		3	2	15	0	1186	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5000	3124	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:04 PM	1909dffc-a75a-0005-bf07-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 9dea45ca-b8e1-42a7-ac53-a5b479575df7 Path:	4104	1		3	2	15	0	1185	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5000	3124	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:04 PM	1909dffc-a75a-0005-b007-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): mNvZGluZyIgLXR5cGUgInN0ciIgLWRlZmF1bHQgImF1dG8iOwokbmV3bGluZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJuZXdsaW5lIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAid2luZG93cyIgLXZhbGlkYXRlc2V0ICJ1bml4Iiwid2luZG93cyI7CgojIEZhaWwgaWYgdGhlIHBhdGggaXMgbm90IGEgZmlsZQpJZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCAtUGF0aFR5cGUgImNvbnRhaW5lciIpIHsKCUZhaWwtSnNvbiBAe30gIlBhdGggJHBhdGggaXMgYSBkaXJlY3RvcnkiOwp9CgojIERlZmF1bHQgdG8gd2luZG93cyBsaW5lIHNlcGFyYXRvciAtIHByb2JhYmx5IG1vc3QgY29tbW9uCiRsaW5lc2VwID0gImByYG4iCklmICgkbmV3bGluZSAtZXEgInVuaXgiKSB7CgkkbGluZXNlcCA9ICJgbiI7Cn0KCiMgRmlndXJlIG91dCB0aGUgcHJvcGVyIGVuY29kaW5nIHRvIHVzZSBmb3IgcmVhZGluZyAvIHdyaXRpbmcgdGhlIHRhcmdldCBmaWxlLgoKIyBUaGUgZGVmYXVsdCBlbmNvZGluZyBpcyBVVEYtOCB3aXRob3V0IEJPTQokZW5jb2RpbmdvYmogPSBbU3lzdGVtLlRleHQuVVRGOEVuY29kaW5nXSAkZmFsc2U7CgojIElmIGFuIGV4cGxpY2l0IGVuY29kaW5nIGlzIHNwZWNpZmllZCwgdXNlIHRoYXQgaW5zdGVhZApJZiAoJGVuY29kaW5nIC1uZSAiYXV0byIpIHsKCSRlbmNvZGluZ29iaiA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OkdldEVuY29kaW5nKCRlbmNvZGluZyk7Cn0KCiMgT3RoZXJ3aXNlIHNlZSBpZiB3ZSBjYW4gZGV0ZXJtaW5lIHRoZSBjdXJyZW50IGVuY29kaW5nIG9mIHRoZSB0YXJnZXQgZmlsZS4KIyBJZiB0aGUgZmlsZSBkb2Vzbid0IGV4aXN0IHlldCAoY3JlYXRlID09ICd5ZXMnKSB3ZSB1c2UgdGhlIGRlZmF1bHQgb3IKIyBleHBsaWNpdGx5IHNwZWNpZmllZCBlbmNvZGluZyBzZXQgYWJvdmUuCkVsc2VJZiAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkgewoKCSMgR2V0IGEgc29ydGVkIGxpc3Qgb2YgZW5jb2RpbmdzIHdpdGggcHJlYW1ibGVzLCBsb25nZXN0IGZpcnN0CgkkbWF4X3ByZWFtYmxlX2xlbiA9IDA7Cgkkc29ydGVkbGlzdCA9IE5ldy1PYmplY3QgU3lzdGVtLkNvbGxlY3Rpb25zLlNvcnRlZExpc3Q7CglGb3JlYWNoICgkZW5jb2RpbmdpbmZvIGluIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OkdldEVuY29kaW5ncygpKSB7CgkJJGVuY29kaW5nID0gJGVuY29kaW5naW5mby5HZXRFbmNvZGluZygpOwoJCSRwbGVuID0gJGVuY29kaW5nLkdldFByZWFtYmxlKCkuTGVuZ3RoOwoJCUlmICgkcGxlbiAtZ3QgJG1heF9wcmVhbWJsZV9sZW4pIHsKCQkJJG1heF9wcmVhbWJsZV9sZW4gPSAkcGxlbjsKCQl9CgkJSWYgKCRwbGVuIC1ndCAwKSB7CgkJCSRzb3J0ZWRsaXN0LkFkZCgtKCRwbGVuICogMTAwMDAwMCArICRlbmNvZGluZy5Db2RlUGFnZSksICRlbmNvZGluZyk7CgkJfQoJfQoKCSMgR2V0IHRoZSBmaXJzdCBOIGJ5dGVzIGZyb20gdGhlIGZpbGUsIHdoZXJlIE4gaXMgdGhlIG1heCBwcmVhbWJsZSBsZW5ndGggd2Ugc2F3CglbQnl0ZVtdXSRib20gPSBHZXQtQ29udGVudCAtRW5jb2RpbmcgQnl0ZSAtUmVhZENvdW50ICRtYXhfcHJlYW1ibGVfbGVuIC1Ub3RhbENvdW50ICRtYXhfcHJlYW1ibGVfbGVuIC1MaXRlcmFsUGF0aCAkcGF0aDsKCgkjIEl0ZXJhdGUgdGhyb3VnaCB0aGUgc29ydGVkIGVuY29kaW5ncywgbG9va2luZyBmb3IgYSBmdWxsIG1hdGNoLgoJJGZvdW5kID0gJGZhbHNlOwoJRm9yZWFjaCAoJGVuY29kaW5nIGluICRzb3J0ZWRsaXN0LkdldFZhbHVlTGlzdCgpKSB7CgkJJHByZWFtYmxlID0gJGVuY29kaW5nLkdldFByZWFtYmxlKCk7CgkJSWYgKCRwcmVhbWJsZSAtYW5kICRib20pIHsKCQkJRm9yZWFjaCAoJGkgaW4gMC4uKCRwcmVhbWJsZS5MZW5ndGggLSAxKSkgewoJCQkJSWYgKCRpIC1nZSAkYm9tLkxlbmd0aCkgewoJCQkJCWJyZWFrOwoJCQkJfQoJCQkJSWYgKCRwcmVhbWJsZVskaV0gLW5lICRib21bJGldKSB7CgkJCQkJYnJlYWs7CgkJCQl9CgkJCQlFbHNlSWYgKCRpICsgMSAtZXEgJHByZWFtYmxlLkxlbmd0aCkgewoJCQkJCSRlbmNvZGluZ29iaiA9ICRlbmNvZGluZzsKCQkJCQkkZm91bmQgPSAkdHJ1ZTsKCQkJCX0KCQkJfQoJCQlJZiAoJGZvdW5kKSB7CgkJCQlicmVhazsKCQkJfQoJCX0KCX0KfQoKCiMgTWFpbiBkaXNwYXRjaCAtIGJhc2VkIG9uIHRoZSB2YWx1ZSBvZiAnc3RhdGUnLCBwZXJmb3JtIGFyZ3VtZW50IHZhbGlkYXRpb24gYW5kCiMgY2FsbCB0aGUgYXBwcm9wcmlhdGUgaGFuZGxlciBmdW5jdGlvbi4KSWYgKCRzdGF0ZSAtZXEgInByZXNlbnQiKSB7CgoJSWYgKCRiYWNrcmVmcyAtYW5kIC1ub3QgJHJlZ2V4cCkgewoJICAgIEZhaWwtSnNvbiBAe30gInJlZ2V4cD0gaXMgcmVxdWlyZWQgd2l0aCBiYWNrcmVmcz10cnVlIjsKCX0KCglJZiAoLW5vdCAkbGluZSkgewoJCUZhaWwtSnNvbiBAe30gImxpbmU9IGlzIHJlcXVpcmVkIHdpdGggc3RhdGU9cHJlc2VudCI7Cgl9CgoJSWYgKCRpbnNlcnRiZWZvcmUgLWFuZCAkaW5zZXJ0YWZ0ZXIpIHsKCQlBZGQtV2FybmluZyAkcmVzdWx0ICJCb3RoIGluc2VydGJlZm9yZSBhbmQgaW5zZXJ0YWZ0ZXIgcGFyYW1ldGVycyBmb3VuZCwgaWdub3JpbmcgYCJpbnNlcnRhZnRlcj0kaW5zZXJ0YWZ0ZXJgIiIKCX0KCglJZiAoLW5vdCAkaW5zZXJ0YmVmb3JlIC1hbmQgLW5vdCAkaW5zZXJ0YWZ0ZXIpIHsKCQkkaW5zZXJ0YWZ0ZXIgPSAiRU9GIjsKCX0KCglQcmVzZW50ICRwYXRoICRyZWdleHAgJGxpbmUgJGluc2VydGFmdGVyICRpbnNlcnRiZWZvcmUgJGNyZWF0ZSAkYmFja3VwICRiYWNrcmVmcyAkdmFsaWRhdGUgJGVuY29kaW5nb2JqICRsaW5lc2VwICRjaGVja19tb2RlICRkaWZmX3N1cHBvcnQ7Cgp9CkVsc2VJZiAoJHN0YXRlIC1lcSAiYWJzZW50IikgewoKCUlmICgtbm90ICRyZWdleHAgLWFuZCAtbm90ICRsaW5lKSB7CgkJRmFpbC1Kc29uIEB7fSAib25lIG9mIGxpbmU9IG9yIHJlZ2V4cD0gaXMgcmVxdWlyZWQgd2l0aCBzdGF0ZT1hYnNlbnQiOwoJfQoKCUFic2VudCAkcGF0aCAkcmVnZXhwICRsaW5lICRiYWNrdXAgJHZhbGlkYXRlICRlbmNvZGluZ29iaiAkbGluZXNlcCAkY2hlY2tfbW9kZSAkZGlmZl9zdXBwb3J0Owp9Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "regexp": "^nova[^-] *.*(@|<|>|=).*", "newline": "unix", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_check_mode": false, "_ansible_shell_executable": "/bin/sh", "path": "c:\\openstack\\build\\\\requirements\\\\upper-constraints.txt", "line": "nova @ file:///C:/openstack/build/nova#egg=nova", "_ansible_tmpdir": null, "_ansible_module_name": "win_lineinfile", "_ansible_debug": false}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 244069de-d911-42cc-aa5b-2d80bcf61245 Path:	4104	1		3	2	15	0	1184	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5000	3124	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:04 PM	1909dffc-a75a-0005-aa07-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): ib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKCmZ1bmN0aW9uIFdyaXRlTGluZXMoJG91dGxpbmVzLCAkcGF0aCwgJGxpbmVzZXAsICRlbmNvZGluZ29iaiwgJHZhbGlkYXRlLCAkY2hlY2tfbW9kZSkgewoJVHJ5IHsKCQkkdGVtcHBhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRUZW1wRmlsZU5hbWUoKTsKCX0KCUNhdGNoIHsKCQlGYWlsLUpzb24gQHt9ICJDYW5ub3QgY3JlYXRlIHRlbXBvcmFyeSBmaWxlISAoJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkpIjsKCX0KCSRqb2luZWQgPSAkb3V0bGluZXMgLWpvaW4gJGxpbmVzZXA7CglbU3lzdGVtLklPLkZpbGVdOjpXcml0ZUFsbFRleHQoJHRlbXBwYXRoLCAkam9pbmVkLCAkZW5jb2RpbmdvYmopOwoKCUlmICgkdmFsaWRhdGUpIHsKCgkJSWYgKC1ub3QgKCR2YWxpZGF0ZSAtbGlrZSAiKiVzKiIpKSB7CgkJCUZhaWwtSnNvbiBAe30gInZhbGlkYXRlIG11c3QgY29udGFpbiAlczogJHZhbGlkYXRlIjsKCQl9CgoJCSR2YWxpZGF0ZSA9ICR2YWxpZGF0ZS5SZXBsYWNlKCIlcyIsICR0ZW1wcGF0aCk7CgoJCSRwYXJ0cyA9IFtTeXN0ZW0uQ29sbGVjdGlvbnMuQXJyYXlMaXN0XSAkdmFsaWRhdGUuU3BsaXQoIiAiKTsKCQkkY21kbmFtZSA9ICRwYXJ0c1swXTsKCgkJJGNtZGFyZ3MgPSAkdmFsaWRhdGUuU3Vic3RyaW5nKCRjbWRuYW1lLkxlbmd0aCArIDEpOwoKCQkkcHJvY2VzcyA9IFtEaWFnbm9zdGljcy5Qcm9jZXNzXTo6U3RhcnQoJGNtZG5hbWUsICRjbWRhcmdzKTsKCQkkcHJvY2Vzcy5XYWl0Rm9yRXhpdCgpOwoKCQlJZiAoJHByb2Nlc3MuRXhpdENvZGUgLW5lIDApIHsKCQkJW3N0cmluZ10gJG91dHB1dCA9ICRwcm9jZXNzLlN0YW5kYXJkT3V0cHV0LlJlYWRUb0VuZCgpOwoJCQlbc3RyaW5nXSAkZXJyb3IgPSAkcHJvY2Vzcy5TdGFuZGFyZEVycm9yLlJlYWRUb0VuZCgpOwoJCQlSZW1vdmUtSXRlbSAkdGVtcHBhdGggLWZvcmNlOwoJCQlGYWlsLUpzb24gQHt9ICJmYWlsZWQgdG8gdmFsaWRhdGUgJGNtZG5hbWUgJGNtZGFyZ3Mgd2l0aCBlcnJvcjogJG91dHB1dCAkZXJyb3IiOwoJCX0KCgl9CgoJIyBDb21taXQgY2hhbmdlcyB0byB0aGUgcGF0aAoJJGNsZWFucGF0aCA9ICRwYXRoLlJlcGxhY2UoIi8iLCAiXCIpOwoJVHJ5IHsKCQlDb3B5LUl0ZW0gJHRlbXBwYXRoICRjbGVhbnBhdGggLWZvcmNlIC1FcnJvckFjdGlvbiBTdG9wIC1XaGF0SWY6JGNoZWNrX21vZGU7Cgl9CglDYXRjaCB7CgkJRmFpbC1Kc29uIEB7fSAiQ2Fubm90IHdyaXRlIHRvOiAkY2xlYW5wYXRoICgkKCRfLkV4Y2VwdGlvbi5NZXNzYWdlKSkiOwoJfQoKCVRyeSB7CgkJUmVtb3ZlLUl0ZW0gJHRlbXBwYXRoIC1mb3JjZSAtRXJyb3JBY3Rpb24gU3RvcCAtV2hhdElmOiRjaGVja19tb2RlOwoJfQoJQ2F0Y2ggewoJCUZhaWwtSnNvbiBAe30gIkNhbm5vdCByZW1vdmUgdGVtcG9yYXJ5IGZpbGU6ICR0ZW1wcGF0aCAoJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkpIjsKCX0KCglyZXR1cm4gJGpvaW5lZDsKCn0KCgojIEJhY2t1cCB0aGUgZmlsZSBzcGVjaWZpZWQgd2l0aCBhIGRhdGUvdGltZSBmaWxlbmFtZQpmdW5jdGlvbiBCYWNrdXBGaWxlKCRwYXRoLCAkY2hlY2tfbW9kZSkgewoJJGJhY2t1cHBhdGggPSAkcGF0aCArICIuIiArIFtEYXRlVGltZV06Ok5vdy5Ub1N0cmluZygieXl5eU1NZGQtSEhtbXNzIik7CglUcnkgewoJCUNvcHktSXRlbSAkcGF0aCAkYmFja3VwcGF0aCAtV2hhdElmOiRjaGVja19tb2RlOwoJfQoJQ2F0Y2ggewoJCUZhaWwtSnNvbiBAe30gIkNhbm5vdCBjb3B5IGJhY2t1cCBmaWxlISAoJCgkXy5FeGNlcHRpb24uTWVzc2FnZSkpIjsKCX0KCXJldHVybiAkYmFja3VwcGF0aDsKfQoKCiMgSW1wbGVtZW50IHRoZSBmdW5jdGlvbmFsaXR5IGZvciBzdGF0ZSA9PSAncHJlc2VudCcKZnVuY3Rpb24gUHJlc2VudCgkcGF0aCwgJHJlZ2V4cCwgJGxpbmUsICRpbnNlcnRhZnRlciwgJGluc2VydGJlZm9yZSwgJGNyZWF0ZSwgJGJhY2t1cCwgJGJhY2tyZWZzLCAkdmFsaWRhdGUsICRlbmNvZGluZ29iaiwgJGxpbmVzZXAsICRjaGVja19tb2RlLCAkZGlmZl9zdXBwb3J0KSB7CgoJIyBOb3RlIHRoYXQgd2UgaGF2ZSB0byBjbGVhbiB1cCB0aGUgcGF0aCBiZWNhdXNlIGFuc2libGUgd2FudHMgdG8gdHJlYXQgLyBhbmQgXCBhcwoJIyBpbnRlcmNoYW5nZWFibGUgaW4gd2luZG93cyBwYXRobmFtZXMsIGJ1dCAuTkVUIGZyYW1ld29yayBpbnRlcm5hbHMgZG8gbm90IHN1cHBvcnQgdGhhdC4KCSRjbGVhbnBhdGggPSAkcGF0aC5SZXBsYWNlKCIvIiwgIlwiKTsKCgkjIENoZWNrIGlmIHBhdGggZXhpc3RzLiBJZiBpdCBkb2VzIG5vdCBleGlzdCwgZWl0aGVyIGNyZWF0ZSBpdCBpZiBjcmVhdGUgPT0gInllcyIKCSMgd2FzIHNwZWNpZmllZCBvciBmYWlsIHdpdGggYSByZWFzb25hYmxlIGVycm9yIG1lc3NhZ2UuCglJZiAoLW5vdCAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkpIHsKCQlJZiAoLW5vdCAkY3JlYXRlKSB7CgkJCUZhaWwtSnNvbiBAe30gIlBhdGggJHBhdGggZG9lcyBub3QgZXhpc3QgISI7CgkJfQoJCSMgQ3JlYXRlIG5ldyBlbXB0eSBmaWxlLCB1c2luZyB0aGUgc3BlY2lmaWVkIGVuY29kaW5nIHRvIHdyaXRlIGNvcnJlY3QgQk9NCgkJW1N5c3RlbS5JTy5GaWxlXTo6V3JpdGVBbGxMaW5lcygkY2xlYW5wYXRoLCAiIiwgJGVuY29kaW5nb2JqKTsKCX0KCgkjIEluaXRpYWxpemUgcmVzdWx0IGluZm9ybWF0aW9uCgkkcmVzdWx0ID0gQHsKCQliYWNrdXAgPSAiIjsKCQljaGFuZ2VkID0gJGZhbHNlOwoJCW1zZyA9ICIiOwoJfQoKCSMgUmVhZCB0aGUgZGVzdCBmaWxlIGxpbmVzIHVzaW5nIHRoZSBpbmRpY2F0ZWQgZW5jb2RpbmcgaW50byBhIG11dGFibGUgQXJyYXlMaXN0LgoJJGJlZm9yZSA9IFtTeXN0ZW0uSU8uRmlsZV06OlJlYWRBbGxMaW5lcygkY2xlYW5wYXRoLCAkZW5jb2RpbmdvYmopCglJZiAoJGJlZm9yZSAtZXEgJG51bGwpIHsKCQkkbGluZXMgPSBOZXctT2JqZWN0IFN5c3RlbS5Db2xsZWN0aW9ucy5BcnJheUxpc3Q7Cgl9CglFbHNlIHsKCQkkbGluZXMgPSBbU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdF0gJGJlZm9yZTsKCX0KCglpZiAoJGRpZmZfc3VwcG9ydCkgewoJCSRyZXN1bHQuZGlmZiA9IEB7CgkJCWJlZm9yZSA9ICRiZWZvcmUgLWpvaW4gJGxpbmVzZXA7CgkJfQoJfQoKCSMgQ29tcGlsZSB0aGUgcmVnZXggc3BlY2lmaWVkLCBpZiBwcm92aWRlZAoJJG1yZSA9ICRudWxsOwoJSWYgKCRyZWdleHApIHsKCQkkbXJlID0gTmV3LU9iamVjdCBSZWdleCAkcmVnZXhwLCAnQ29tcGlsZWQnOwoJfQoKCSMgQ29tcGlsZSB0aGUgcmVnZXggZm9yIGluc2VydGFmdGVyIG9yIGluc2VydGJlZm9yZSwgaWYgcHJvdmlkZWQKCSRpbnNyZSA9ICRudWxsOwoJSWYgKCRpbnNlcnRhZnRlciAtYW5kICRpbnNlcnRhZnRlciAtbmUgIkJPRiIgLWFuZCAkaW5zZXJ0YWZ0ZXIgLW5lICJFT0YiKSB7CgkJJGluc3JlID0gTmV3LU9iamVjdCBSZWdleCAkaW5zZXJ0YWZ0ZXIsICdDb21waWxlZCc7Cgl9CglFbHNlSWYgKCRpbnNlcnRiZWZvcmUgLWFuZCAkaW5zZXJ0YmVmb3JlIC1uZSAiQk9GIikgewoJCSRpbnNyZSA9IE5ldy1PYmplY3QgUmVnZXggJGluc2VydGJlZm9yZSwgJ0NvbXBpbGVkJzsKCX0KCgkjIGluZGV4WzBdIGlzIHRoZSBsaW5lIG51bSB3aGVyZSByZWdleHAgaGFzIGJlZW4gZm91bmQKCSMgaW5kZXhbMV0gaXMgdGhlIGxpbmUgbnVtIHdoZXJlIGluc2VydGFmdGVyL2luc2VyYmVmb3JlIGhhcyBiZWVuIGZvdW5kCgkkaW5kZXggPSAtMSwgLTE7CgkkbGluZW5vID0gMDsKCgkjIFRoZSBsYXRlc3QgbWF0Y2ggb2JqZWN0IGFuZCBtYXRjaGVkIGxpbmUKCSRtYXRjaGVkX2xpbmUgPSAiIjsKCgkjIEl0ZXJhdGUgdGhyb3VnaCB0aGUgbGluZXMgaW4gdGhlIGZpbGUgbG9va2luZyBmb3IgbWF0Y2hlcwoJRm9yZWFjaCAoJGN1cl9saW5lIGluICRsaW5lcykgewoJCUlmICgkcmVnZXhwKSB7CgkJCSRtID0gJG1yZS5NYXRjaCgkY3VyX2xpbmUpOwoJCQkkbWF0Y2hfZm91bmQgPSAkbS5TdWNjZXNzOwoJCQlJZiAoJG1hdGNoX2ZvdW5kKSB7CgkJCQkkbWF0Y2hlZF9saW5lID0gJGN1cl9saW5lOwoJCQl9CgkJfQoJCUVsc2UgewoJCQkkbWF0Y2hfZm91bmQgPSAkbGluZSAtY2VxICRjdXJfbGluZTsKCQl9CgkJSWYgKCRtYXRjaF9mb3VuZCkgewoJCQkkaW5kZXhbMF0gPSAkbGluZW5vOwoJCX0KCQlFbHNlSWYgKCRpbnNyZSAtYW5kICRpbnNyZS5NYXRjaCgkY3VyX2xpbmUpLlN1Y2Nlc3MpIHsKCQkJSWYgKCRpbnNlcnRhZnRlcikgewoJCQkJJGluZGV4WzFdID0gJGxpbmVubyArIDE7CgkJCX0KCQkJSWYgKCRpbnNlcnRiZWZvcmUpIHsKCQkJCSRpbmRleFsxXSA9ICRsaW5lbm87CgkJCX0KCQl9CgkJJGxpbmVubyA9ICRsaW5lbm8gKyAxOwoJfQoKCUlmICgkaW5kZXhbMF0gLW5lIC0xKSB7CgkJSWYgKCRiYWNrcmVmcykgewoJCSAgICAkbmV3X2xpbmUgPSBbcmVnZXhdOjpSZXBsYWNlKCRtYXRjaGVkX2xpbmUsICRyZWdleHAsICRsaW5lKTsKCQl9CgkJRWxzZSB7CgkJCSRuZXdfbGluZSA9ICRsaW5lOwoJCX0KCQlJZiAoJGxpbmVzWyRpbmRleFswXV0gLWNuZSAkbmV3X2xpbmUpIHsKCQkJJGxpbmVzWyRpbmRleFswXV0gPSAkbmV3X2xpbmU7CgkJCSRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlOwoJCQkkcmVzdWx0Lm1zZyA9ICJsaW5lIHJlcGxhY2VkIjsKCQl9Cgl9CglFbHNlSWYgKCRiYWNrcmVmcykgewoJCSMgTm8gbWF0Y2hlcyAtIG5vLW9wCgl9CglFbHNlSWYgKCRpbnNlcnRiZWZvcmUgLWVxICJCT0YiIC1vciAkaW5zZXJ0YWZ0ZXIgLWVxICJCT0YiKSB7CgkJJGxpbmVzLkluc2VydCgwLCAkbGluZSk7CgkJJHJlc3VsdC5jaGFuZ2VkID0gJHRydWU7CgkJJHJlc3VsdC5tc2cgPSAibGluZSBhZGRlZCI7Cgl9CglFbHNlSWYgKCRpbnNlcnRhZnRlciAtZXEgIkVPRiIgLW9yICRpbmRleFsxXSAtZXEgLTEpIHsKCQkkbGluZXMuQWRkKCRsaW5lKTsKCQkkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZTsKCQkkcmVzdWx0Lm1zZyA9ICJsaW5lIGFkZGVkIjsKCX0KCUVsc2UgewoJCSRsaW5lcy5JbnNlcnQoJGluZGV4WzFdLCAkbGluZSk7CgkJJHJlc3VsdC5jaGFuZ2VkID0gJHRydWU7CgkJJHJlc3VsdC5tc2cgPSAibGluZSBhZGRlZCI7Cgl9CgoJIyBXcml0ZSBjaGFuZ2VzIHRvIHRoZSBwYXRoIGlmIGNoYW5nZXMgd2VyZSBtYWRlCglJZiAoJHJlc3VsdC5jaGFuZ2VkKSB7CgoJCSMgV3JpdGUgYmFja3VwIGZpbGUgaWYgYmFja3VwID09ICJ5ZXMiCgkJSWYgKCRiYWNrdXApIHsKCQkJJHJlc3VsdC5iYWNrdXAgPSBCYWNrdXBGaWxlICRwYXRoICRjaGVja19tb2RlOwoJCX0KCgkJJGFmdGVyID0gV3JpdGVMaW5lcyAkbGluZXMgJHBhdGggJGxpbmVzZXAgJGVuY29kaW5nb2JqICR2YWxpZGF0ZSAkY2hlY2tfbW9kZTsKCgkJaWYgKCRkaWZmX3N1cHBvcnQpIHsKCQkJJHJlc3VsdC5kaWZmLmFmdGVyID0gJGFmdGVyOwoJCX0KCX0KCgkkcmVzdWx0LmVuY29kaW5nID0gJGVuY29kaW5nb2JqLldlYk5hbWU7CgoJRXhpdC1Kc29uICRyZXN1bHQ7Cn0KCgojIEltcGxlbWVudCB0aGUgZnVuY3Rpb25hbGl0eSBmb3Igc3RhdGUgPT0gJ2Fic2VudCcKZnVuY3Rpb24gQWJzZW50KCRwYXRoLCAkcmVnZXhwLCAkbGluZSwgJGJhY2t1cCwgJHZhbGlkYXRlLCAkZW5jb2RpbmdvYmosICRsaW5lc2VwLCAkY2hlY2tfbW9kZSwgJGRpZmZfc3VwcG9ydCkgewoKCSMgQ2hlY2sgaWYgcGF0aCBleGlzdHMuIElmIGl0IGRvZXMgbm90IGV4aXN0LCBmYWlsIHdpdGggYSByZWFzb25hYmxlIGVycm9yIG1lc3NhZ2UuCglJZiAoLW5vdCAoVGVzdC1QYXRoIC1MaXRlcmFsUGF0aCAkcGF0aCkpIHsKCQlGYWlsLUpzb24gQHt9ICJQYXRoICRwYXRoIGRvZXMgbm90IGV4aXN0ICEiOwoJfQoKCSMgSW5pdGlhbGl6ZSByZXN1bHQgaW5mb3JtYXRpb24KCSRyZXN1bHQgPSBAewoJCWJhY2t1cCA9ICIiOwoJCWNoYW5nZWQgPSAkZmFsc2U7CgkJbXNnID0gIiI7Cgl9CgoJIyBSZWFkIHRoZSBkZXN0IGZpbGUgbGluZXMgdXNpbmcgdGhlIGluZGljYXRlZCBlbmNvZGluZyBpbnRvIGEgbXV0YWJsZSBBcnJheUxpc3QuIE5vdGUKCSMgdGhhdCB3ZSBoYXZlIHRvIGNsZWFuIHVwIHRoZSBwYXRoIGJlY2F1c2UgYW5zaWJsZSB3YW50cyB0byB0cmVhdCAvIGFuZCBcIGFzCgkjIGludGVyY2hhbmdlYWJsZSBpbiB3aW5kb3dzIHBhdGhuYW1lcywgYnV0IC5ORVQgZnJhbWV3b3JrIGludGVybmFscyBkbyBub3Qgc3VwcG9ydCB0aGF0LgoJJGNsZWFucGF0aCA9ICRwYXRoLlJlcGxhY2UoIi8iLCAiXCIpOwoJJGJlZm9yZSA9IFtTeXN0ZW0uSU8uRmlsZV06OlJlYWRBbGxMaW5lcygkY2xlYW5wYXRoLCAkZW5jb2RpbmdvYmopOwoJSWYgKCRiZWZvcmUgLWVxICRudWxsKSB7CgkJJGxpbmVzID0gTmV3LU9iamVjdCBTeXN0ZW0uQ29sbGVjdGlvbnMuQXJyYXlMaXN0OwoJfQoJRWxzZSB7CgkJJGxpbmVzID0gW1N5c3RlbS5Db2xsZWN0aW9ucy5BcnJheUxpc3RdICRiZWZvcmU7Cgl9CgoJaWYgKCRkaWZmX3N1cHBvcnQpIHsKCQkkcmVzdWx0LmRpZmYgPSBAewoJCQliZWZvcmUgPSAkYmVmb3JlIC1qb2luICRsaW5lc2VwOwoJCX0KCX0KCgkjIENvbXBpbGUgdGhlIHJlZ2V4IHNwZWNpZmllZCwgaWYgcHJvdmlkZWQKCSRjcmUgPSAkbnVsbDsKCUlmICgkcmVnZXhwKSB7CgkJJGNyZSA9IE5ldy1PYmplY3QgUmVnZXggJHJlZ2V4cCwgJ0NvbXBpbGVkJzsKCX0KCgkkZm91bmQgPSBOZXctT2JqZWN0IFN5c3RlbS5Db2xsZWN0aW9ucy5BcnJheUxpc3Q7CgkkbGVmdCA9IE5ldy1PYmplY3QgU3lzdGVtLkNvbGxlY3Rpb25zLkFycmF5TGlzdDsKCglGb3JlYWNoICgkY3VyX2xpbmUgaW4gJGxpbmVzKSB7CgkJSWYgKCRyZWdleHApIHsKCQkJJG0gPSAkY3JlLk1hdGNoKCRjdXJfbGluZSk7CgkJCSRtYXRjaF9mb3VuZCA9ICRtLlN1Y2Nlc3M7CgkJfQoJCUVsc2UgewoJCQkkbWF0Y2hfZm91bmQgPSAkbGluZSAtY2VxICRjdXJfbGluZTsKCQl9CgkJSWYgKCRtYXRjaF9mb3VuZCkgewoJCQkkZm91bmQuQWRkKCRjdXJfbGluZSk7CgkJCSRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlOwoJCX0KCQlFbHNlIHsKCQkJJGxlZnQuQWRkKCRjdXJfbGluZSk7CgkJfQoJfQoKCSMgV3JpdGUgY2hhbmdlcyB0byB0aGUgcGF0aCBpZiBjaGFuZ2VzIHdlcmUgbWFkZQoJSWYgKCRyZXN1bHQuY2hhbmdlZCkgewoKCQkjIFdyaXRlIGJhY2t1cCBmaWxlIGlmIGJhY2t1cCA9PSAieWVzIgoJCUlmICgkYmFja3VwKSB7CgkJCSRyZXN1bHQuYmFja3VwID0gQmFja3VwRmlsZSAkcGF0aCAkY2hlY2tfbW9kZTsKCQl9CgoJCSRhZnRlciA9IFdyaXRlTGluZXMgJGxlZnQgJHBhdGggJGxpbmVzZXAgJGVuY29kaW5nb2JqICR2YWxpZGF0ZSAkY2hlY2tfbW9kZTsKCgkJaWYgKCRkaWZmX3N1cHBvcnQpIHsKCQkJJHJlc3VsdC5kaWZmLmFmdGVyID0gJGFmdGVyOwoJCX0KCX0KCgkkcmVzdWx0LmVuY29kaW5nID0gJGVuY29kaW5nb2JqLldlYk5hbWU7CgkkcmVzdWx0LmZvdW5kID0gJGZvdW5kLkNvdW50OwoJJHJlc3VsdC5tc2cgPSAiJCgkZm91bmQuQ291bnQpIGxpbmUocykgcmVtb3ZlZCI7CgoJRXhpdC1Kc29uICRyZXN1bHQ7Cn0KCgojIFBhcnNlIHRoZSBwYXJhbWV0ZXJzIGZpbGUgZHJvcHBlZCBieSB0aGUgQW5zaWJsZSBtYWNoaW5lcnkKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MgLXN1cHBvcnRzX2NoZWNrX21vZGUgJHRydWU7CiRjaGVja19tb2RlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgIl9hbnNpYmxlX2NoZWNrX21vZGUiIC10eXBlICJib29sIiAtZGVmYXVsdCAkZmFsc2U7CiRkaWZmX3N1cHBvcnQgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZTsKCiMgSW5pdGlhbGl6ZSBkZWZhdWx0cyBmb3IgaW5wdXQgcGFyYW1ldGVycy4KJHBhdGggPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAicGF0aCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZSAtYWxpYXNlcyAiZGVzdCIsImRlc3RmaWxlIiwibmFtZSI7CiRyZWdleHAgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAicmVnZXhwIiAtdHlwZSAic3RyIjsKJHN0YXRlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInN0YXRlIiAtdHlwZSAic3RyIiAtZGVmYXVsdCAicHJlc2VudCIgLXZhbGlkYXRlc2V0ICJwcmVzZW50IiwiYWJzZW50IjsKJGxpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAibGluZSIgLXR5cGUgInN0ciI7CiRiYWNrcmVmcyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJiYWNrcmVmcyIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZTsKJGluc2VydGFmdGVyID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImluc2VydGFmdGVyIiAtdHlwZSAic3RyIjsKJGluc2VydGJlZm9yZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJpbnNlcnRiZWZvcmUiIC10eXBlICJzdHIiOwokY3JlYXRlID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgImNyZWF0ZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZTsKJGJhY2t1cCA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJiYWNrdXAiIC10eXBlICJib29sIiAtZGVmYXVsdCAkZmFsc2U7CiR2YWxpZGF0ZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJ2YWxpZGF0ZSIgLXR5cGUgInN0ciI7CiRlbmNvZGluZyA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJlb ScriptBlock ID: 244069de-d911-42cc-aa5b-2d80bcf61245 Path:	4104	1		3	2	15	0	1183	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5000	3124	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:04 PM	1909dffc-a75a-0005-aa07-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCA ScriptBlock ID: 244069de-d911-42cc-aa5b-2d80bcf61245 Path:	4104	1		3	2	15	0	1182	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5000	3124	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:04 PM	1909dffc-a75a-0005-aa07-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1181	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5000	4452	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:04 PM	1909dffc-a75a-0003-0cea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5000 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1180	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5000	4196	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:04 PM	1909dffc-a75a-0003-0cea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1179	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5000	4452	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:04 PM	1909dffc-a75a-0003-0cea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1178	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4988	3916	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:02 PM	1909dffc-a75a-0003-04ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4988 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1177	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4988	2388	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:02 PM	1909dffc-a75a-0003-04ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1176	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4988	3916	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:02 PM	1909dffc-a75a-0003-04ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 169e5f26-7aaa-461e-a8b5-407200d0ebff Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 96ca4bcc-9f2e-42b1-b750-e0c967d82b85 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1175	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4772	4532	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:02 PM	1909dffc-a75a-0005-a507-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: e87bdd0f-cb95-4c74-8fd2-538b3cf21f1e Path:	4104	1		3	2	15	0	1174	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4772	1772	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:01 PM	1909dffc-a75a-0004-1436-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: b8466fd4-4fa2-42ff-8ea2-87665e3afc86 Path:	4104	1		3	2	15	0	1173	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4772	1772	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:01 PM	1909dffc-a75a-0004-0d36-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 398c1415-74b9-484b-a79c-e3a34f8d92db Path:	4104	1		3	2	15	0	1172	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4772	1772	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:01 PM	1909dffc-a75a-0004-fe35-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): Pbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Select-String -path c:\\openstack\\build\\nova\\\\setup.cfg -pattern \"^name.*=.*\" | % {$_.matches.value.split(\"=\")[1].trim()}", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 9f35e377-8463-4ea8-9061-fd46881fa1b6 Path:	4104	1		3	2	15	0	1171	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4772	1772	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:01 PM	1909dffc-a75a-0004-f835-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): c3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiB ScriptBlock ID: 9f35e377-8463-4ea8-9061-fd46881fa1b6 Path:	4104	1		3	2	15	0	1170	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4772	1772	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:01 PM	1909dffc-a75a-0004-f835-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRf ScriptBlock ID: 9f35e377-8463-4ea8-9061-fd46881fa1b6 Path:	4104	1		3	2	15	0	1169	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4772	1772	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:01 PM	1909dffc-a75a-0004-f835-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1168	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4772	2112	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:01 PM	1909dffc-a75a-0005-9507-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4772 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1167	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4772	4700	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:00 PM	1909dffc-a75a-0005-9507-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1166	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4772	2112	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:16:00 PM	1909dffc-a75a-0005-9507-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1165	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5060	4260	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:59 PM	1909dffc-a75a-0003-f8e9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 5060 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1164	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5060	3756	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:59 PM	1909dffc-a75a-0003-f8e9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1163	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	5060	4260	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:59 PM	1909dffc-a75a-0003-f8e9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1162	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4208	2416	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:59 PM	1909dffc-a75a-0002-c5ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4208 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1161	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4208	4956	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:59 PM	1909dffc-a75a-0002-c5ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1160	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4208	2416	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:59 PM	1909dffc-a75a-0002-c5ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 07a05fb2-9795-4e9f-83e6-94c241b718ca Path:	4104	1		3	2	15	0	1159	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4448	2600	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:58 PM	1909dffc-a75a-0002-a2ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: b79108c0-edd8-4f81-951a-d6ae2e6c38a3 Path:	4104	1		3	2	15	0	1158	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4448	2988	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:58 PM	1909dffc-a75a-0002-95ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 11a2a280-c3ff-4260-9ff0-14bc18fcdaae Path:	4104	1		3	2	15	0	1157	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4448	2988	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:58 PM	1909dffc-a75a-0002-86ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (5 of 5): = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 4db949c5-b668-4c45-85d2-d25f4637ec81 Path:	4104	1		3	2	15	0	1156	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4448	2988	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:58 PM	1909dffc-a75a-0002-80ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (4 of 5): gYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_copy_mode": "single", "_ansible_remote_tmp": "%TEMP%", "_ansible_syslog_facility": "LOG_USER", "_ansible_keep_remote_files": false, "_ansible_socket": null, "_original_basename": "pip-install-requirements.log", "_ansible_check_mode": false, "src": "C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1659546956.78-48596670958681\\source", "_ansible_no_log": false, "_ansible_module_name": "copy", "_ansible_verbosity": 4, "dest": "c:\\openstack\\log\\pip-install-requirements.log", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_tmpdir": "'C:\\Users\\Admin\\AppData\\Local\\Temp\\ansible-tmp-1659546956.78-48596670958681'"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output ScriptBlock ID: 4db949c5-b668-4c45-85d2-d25f4637ec81 Path:	4104	1		3	2	15	0	1155	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4448	2988	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:58 PM	1909dffc-a75a-0002-80ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 5): zZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXM ScriptBlock ID: 4db949c5-b668-4c45-85d2-d25f4637ec81 Path:	4104	1		3	2	15	0	1154	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4448	2988	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:58 PM	1909dffc-a75a-0002-80ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 5): ICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHV ScriptBlock ID: 4db949c5-b668-4c45-85d2-d25f4637ec81 Path:	4104	1		3	2	15	0	1153	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4448	2988	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:58 PM	1909dffc-a75a-0002-80ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 5): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAg ScriptBlock ID: 4db949c5-b668-4c45-85d2-d25f4637ec81 Path:	4104	1		3	2	15	0	1152	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4448	2988	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:58 PM	1909dffc-a75a-0002-80ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1151	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4448	4796	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:58 PM	1909dffc-a75a-0003-efe9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4448 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1150	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4448	2932	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:58 PM	1909dffc-a75a-0003-efe9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1149	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4448	4796	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:58 PM	1909dffc-a75a-0003-efe9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): begin { $path = 'C:\Users\Admin\AppData\Local\Temp\ansible-tmp-1659546956.78-48596670958681\source' $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 $fd = [System.IO.File]::Create($path) $sha1 = [System.Security.Cryptography.SHA1CryptoServiceProvider]::Create() $bytes = @() #initialize for empty file case } process { $bytes = [System.Convert]::FromBase64String($input) $sha1.TransformBlock($bytes, 0, $bytes.Length, $bytes, 0) | Out-Null $fd.Write($bytes, 0, $bytes.Length) } end { $sha1.TransformFinalBlock($bytes, 0, 0) | Out-Null $hash = [System.BitConverter]::ToString($sha1.Hash).Replace("-", "").ToLowerInvariant() $fd.Close() Write-Output "{""sha1"":""$hash""}" } ScriptBlock ID: 38dd0c9e-d9e9-4015-a618-ac656302807b Path:	4104	1		3	2	15	0	1148	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4268	3396	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:57 PM	1909dffc-a75a-0000-e6ed-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1147	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4268	4156	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:57 PM	1909dffc-a75a-0003-ece9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4268 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1146	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4268	3696	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:57 PM	1909dffc-a75a-0003-ece9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1145	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4268	4156	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:57 PM	1909dffc-a75a-0003-ece9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1144	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	744	4376	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:57 PM	1909dffc-a75a-0002-78ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 744 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1143	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	744	1236	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:57 PM	1909dffc-a75a-0002-78ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1142	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	744	4376	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:57 PM	1909dffc-a75a-0002-78ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1141	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4608	4280	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:57 PM	1909dffc-a75a-0004-d535-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4608 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1140	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4608	4556	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:56 PM	1909dffc-a75a-0004-d535-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1139	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4608	4280	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:56 PM	1909dffc-a75a-0004-d535-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): #!powershell # Copyright: (c) 2015, Jon Hawkesworth (@jhawkesworth) <figs@unity.demon.co.uk> # Copyright: (c) 2017, Ansible Project # GNU General Public License v3.0+ (see COPYING or https://www.gnu.org/licenses/gpl-3.0.txt) #Requires -Module Ansible.ModuleUtils.Legacy $ErrorActionPreference = 'Stop' $params = Parse-Args -arguments $args -supports_check_mode $true $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false $diff_mode = Get-AnsibleParam -obj $params -name "_ansible_diff" -type "bool" -default $false # there are 4 modes to win_copy which are driven by the action plugins: # explode: src is a zip file which needs to be extracted to dest, for use with multiple files # query: win_copy action plugin wants to get the state of remote files to check whether it needs to send them # remote: all copy action is happening remotely (remote_src=True) # single: a single file has been copied, also used with template $copy_mode = Get-AnsibleParam -obj $params -name "_copy_mode" -type "str" -default "single" -validateset "explode","query","remote","single" # used in explode, remote and single mode $src = Get-AnsibleParam -obj $params -name "src" -type "path" -failifempty ($copy_mode -in @("explode","process","single")) $dest = Get-AnsibleParam -obj $params -name "dest" -type "path" -failifempty $true # used in single mode $original_basename = Get-AnsibleParam -obj $params -name "_original_basename" -type "str" # used in query and remote mode $force = Get-AnsibleParam -obj $params -name "force" -type "bool" -default $true # used in query mode, contains the local files/directories/symlinks that are to be copied $files = Get-AnsibleParam -obj $params -name "files" -type "list" $directories = Get-AnsibleParam -obj $params -name "directories" -type "list" $symlinks = Get-AnsibleParam -obj $params -name "symlinks" -type "list" $result = @{ changed = $false } if ($diff_mode) { $result.diff = @{} } Function Copy-File($source, $dest) { $diff = "" $copy_file = $false $source_checksum = $null if ($force) { $source_checksum = Get-FileChecksum -path $source } if (Test-Path -Path $dest -PathType Container) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': dest is already a folder" } elseif (Test-Path -Path $dest -PathType Leaf) { if ($force) { $target_checksum = Get-FileChecksum -path $dest if ($source_checksum -ne $target_checksum) { $copy_file = $true } } } else { $copy_file = $true } if ($copy_file) { $file_dir = [System.IO.Path]::GetDirectoryName($dest) # validate the parent dir is not a file and that it exists if (Test-Path -Path $file_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } elseif (-not (Test-Path -Path $file_dir)) { # directory doesn't exist, need to create New-Item -Path $file_dir -ItemType Directory -WhatIf:$check_mode | Out-Null $diff += "+$file_dir\`n" } if (Test-Path -Path $dest -PathType Leaf) { Remove-Item -Path $dest -Force -Recurse -WhatIf:$check_mode | Out-Null $diff += "-$dest`n" } if (-not $check_mode) { # cannot run with -WhatIf:$check_mode as if the parent dir didn't # exist and was created above would still not exist in check mode Copy-Item -Path $source -Destination $dest -Force | Out-Null } $diff += "+$dest`n" $result.changed = $true } # ugly but to save us from running the checksum twice, let's return it for # the main code to add it to $result return ,@{ diff = $diff; checksum = $source_checksum } } Function Copy-Folder($source, $dest) { $diff = "" $copy_folder = $false if (-not (Test-Path -Path $dest -PathType Container)) { $parent_dir = [System.IO.Path]::GetDirectoryName($dest) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy file from '$source' to '$dest': object at dest parent dir is not a folder" } if (Test-Path -Path $dest -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder from '$source' to '$dest': dest is already a file" } New-Item -Path $dest -ItemType Container -WhatIf:$check_mode | Out-Null $diff += "+$dest\`n" $result.changed = $true } $child_items = Get-ChildItem -Path $source -Force foreach ($child_item in $child_items) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_item.Name if ($child_item.PSIsContainer) { $diff += (Copy-Folder -source $child_item.Fullname -dest $dest_child_path) } else { $diff += (Copy-File -source $child_item.Fullname -dest $dest_child_path).diff } } return $diff } Function Get-FileSize($path) { $file = Get-Item -Path $path -Force $size = $null if ($file.PSIsContainer) { $dir_files_sum = Get-ChildItem $file.FullName -Recurse if ($dir_files_sum -eq $null -or ($dir_files_sum.PSObject.Properties.name -contains 'length' -eq $false)) { $size = 0 } else { $size = ($dir_files_sum | Measure-Object -property length -sum).Sum } } else { $size = $file.Length } $size } Function Extract-Zip($src, $dest) { $archive = [System.IO.Compression.ZipFile]::Open($src, [System.IO.Compression.ZipArchiveMode]::Read, [System.Text.Encoding]::UTF8) foreach ($entry in $archive.Entries) { $archive_name = $entry.FullName # FullName may be appended with / or \, determine if it is padded and remove it $padding_length = $archive_name.Length % 4 if ($padding_length -eq 0) { $is_dir = $false $base64_name = $archive_name } elseif ($padding_length -eq 1) { $is_dir = $true if ($archive_name.EndsWith("/") -or $archive_name.EndsWith("`\")) { $base64_name = $archive_name.Substring(0, $archive_name.Length - 1) } else { throw "invalid base64 archive name '$archive_name'" } } else { throw "invalid base64 length '$archive_name'" } # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_name = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($base64_name)) # re-add the / to the entry full name if it was a directory if ($is_dir) { $decoded_archive_name = "$decoded_archive_name/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_name) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false) { if (-not $check_mode) { [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $entry_target_path, $true) } } } $archive.Dispose() # release the handle of the zip file } Function Extract-ZipLegacy($src, $dest) { if (-not (Test-Path -Path $dest)) { New-Item -Path $dest -ItemType Directory -WhatIf:$check_mode | Out-Null } $shell = New-Object -ComObject Shell.Application $zip = $shell.NameSpace($src) $dest_path = $shell.NameSpace($dest) foreach ($entry in $zip.Items()) { $is_dir = $entry.IsFolder $encoded_archive_entry = $entry.Name # to handle unicode character, win_copy action plugin has encoded the filename $decoded_archive_entry = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($encoded_archive_entry)) if ($is_dir) { $decoded_archive_entry = "$decoded_archive_entry/" } $entry_target_path = [System.IO.Path]::Combine($dest, $decoded_archive_entry) $entry_dir = [System.IO.Path]::GetDirectoryName($entry_target_path) if (-not (Test-Path -Path $entry_dir)) { New-Item -Path $entry_dir -ItemType Directory -WhatIf:$check_mode | Out-Null } if ($is_dir -eq $false -and (-not $check_mode)) { # https://msdn.microsoft.com/en-us/library/windows/desktop/bb787866.aspx # From Folder.CopyHere documentation, 1044 means: # - 1024: do not display a user interface if an error occurs # - 16: respond with "yes to all" for any dialog box that is displayed # - 4: do not display a progress dialog box $dest_path.CopyHere($entry, 1044) # once file is extraced, we need to rename it with non base64 name $combined_encoded_path = [System.IO.Path]::Combine($dest, $encoded_archive_entry) Move-Item -Path $combined_encoded_path -Destination $entry_target_path -Force | Out-Null } } } if ($copy_mode -eq "query") { # we only return a list of files/directories that need to be copied over # the source of the local file will be the key used $changed_files = @() $changed_directories = @() $changed_symlinks = @() foreach ($file in $files) { $filename = $file.dest $local_checksum = $file.checksum $filepath = Join-Path -Path $dest -ChildPath $filename if (Test-Path -Path $filepath -PathType Leaf) { if ($force) { $checksum = Get-FileChecksum -path $filepath if ($checksum -ne $local_checksum) { $will_change = $true $changed_files += $file } } } elseif (Test-Path -Path $filepath -PathType Container) { Fail-Json -obj $result -message "cannot copy file to dest '$filepath': object at path is already a directory" } else { $changed_files += $file } } foreach ($directory in $directories) { $dirname = $directory.dest $dirpath = Join-Path -Path $dest -ChildPath $dirname $parent_dir = [System.IO.Path]::GetDirectoryName($dirpath) if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at parent directory path is already a file" } if (Test-Path -Path $dirpath -PathType Leaf) { Fail-Json -obj $result -message "cannot copy folder to dest '$dirpath': object at path is already a file" } elseif (-not (Test-Path -Path $dirpath -PathType Container)) { $changed_directories += $directory } } # TODO: Handle symlinks $result.files = $changed_files $result.directories = $changed_directories $result.symlinks = $changed_symlinks } elseif ($copy_mode -eq "explode") { # a single zip file containing the files and directories needs to be # expanded this will always result in a change as the calculation is done # on the win_copy action plugin and is only run if a change needs to occur if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot expand src zip file: '$src' as it does not exist" } # Detect if the PS zip assemblies are available or whether to use Shell $use_legacy = $false try { Add-Type -AssemblyName System.IO.Compression.FileSystem | Out-Null Add-Type -AssemblyName System.IO.Compression | Out-Null } catch { $use_legacy = $true } if ($use_legacy) { Extract-ZipLegacy -src $src -dest $dest } else { Extract-Zip -src $src -dest $dest } $result.changed = $true } elseif ($copy_mode -eq "remote") { # all copy actions are happening on the remote side (windows host), need # too copy source and dest using PS code $result.src = $src $result.dest = $dest if (-not (Test-Path -Path $src)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } if (Test-Path -Path $src -PathType Container) { # we are copying a directory or the contents of a directory $result.operation = 'folder_copy' if ($src.EndsWith("/") -or $src.EndsWith("`\")) { # copying the folder's contents to dest $diff = "" $child_files = Get-ChildItem -Path $src -Force foreach ($child_file in $child_files) { $dest_child_path = Join-Path -Path $dest -ChildPath $child_file.Name if ($child_file.PSIsContainer) { $diff += Copy-Folder -source $child_file.FullName -dest $dest_child_path } else { $diff += (Copy-File -source $child_file.FullName -dest $dest_child_path).diff } } } else { # copying the folder and it's contents to dest $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest $diff = Copy-Folder -source $src -dest $dest } } else { # we are just copying a single file to dest $result.operation = 'file_copy' $source_basename = (Get-Item -Path $src -Force).Name $result.original_basename = $source_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\")) { $dest = Join-Path -Path $dest -ChildPath (Get-Item -Path $src -Force).Name $result.dest = $dest } else { # check if the parent dir exists, this is only done if src is a # file and dest if the path to a file (doesn't end with \ or /) $parent_dir = Split-Path -Path $dest if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } $copy_result = Copy-File -source $src -dest $dest $diff = $copy_result.diff $result.checksum = $copy_result.checksum } # the file might not exist if running in check mode if (-not $check_mode -or (Test-Path -Path $dest -PathType Leaf)) { $result.size = Get-FileSize -path $dest } else { $result.size = $null } if ($diff_mode) { $result.diff.prepared = $diff } } elseif ($copy_mode -eq "single") { # a single file is located in src and we need to copy to dest, this will # always result in a change as the calculation is done on the Ansible side # before this is run. This should also never run in check mode if (-not (Test-Path -Path $src -PathType Leaf)) { Fail-Json -obj $result -message "Cannot copy src file: '$src' as it does not exist" } # the dest parameter is a directory, we need to append original_basename if ($dest.EndsWith("/") -or $dest.EndsWith("`\") -or (Test-Path -Path $dest -PathType Container)) { $remote_dest = Join-Path -Path $dest -ChildPath $original_basename $parent_dir = Split-Path -Path $remote_dest # when dest ends with /, we need to create the destination directories if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { New-Item -Path $parent_dir -ItemType Directory | Out-Null } } else { $remote_dest = $dest $parent_dir = Split-Path -Path $remote_dest # check if the dest parent dirs exist, need to fail if they don't if (Test-Path -Path $parent_dir -PathType Leaf) { Fail-Json -obj $result -message "object at destination parent dir '$parent_dir' is currently a file" } elseif (-not (Test-Path -Path $parent_dir -PathType Container)) { Fail-Json -obj $result -message "Destination directory '$parent_dir' does not exist" } } Copy-Item -Path $src -Destination $remote_dest -Force | Out-Null $result.changed = $true } Exit-Json -obj $result ScriptBlock ID: 39390f97-c434-4e2d-a9f1-2e122a1f5194 Path:	4104	1		3	2	15	0	1138	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4508	8	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:56 PM	1909dffc-a75a-0001-afec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: a3a6dd7f-475a-4dfc-a1a4-fbab847d0fad Path:	4104	1		3	2	15	0	1137	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4508	2280	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:56 PM	1909dffc-a75a-0001-a2ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 9b32a022-0873-45ad-871c-7103a9c801a0 Path:	4104	1		3	2	15	0	1136	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4508	2280	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:56 PM	1909dffc-a75a-0001-93ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): nVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgICAgICAgICAgfQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIgYW5kIGl0J3MgY29udGVudHMgdG8gZGVzdAogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgICAgICAkZGlmZiA9IENvcHktRm9sZGVyIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgIyB3ZSBhcmUganVzdCBjb3B5aW5nIGEgc2luZ2xlIGZpbGUgdG8gZGVzdAogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZpbGVfY29weScKCiAgICAgICAgJHNvdXJjZV9iYXNlbmFtZSA9IChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICRyZXN1bHQub3JpZ2luYWxfYmFzZW5hbWUgPSAkc291cmNlX2Jhc2VuYW1lCgogICAgICAgIGlmICgkZGVzdC5FbmRzV2l0aCgiLyIpIC1vciAkZGVzdC5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAkZGVzdCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoIChHZXQtSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZSkuTmFtZQogICAgICAgICAgICAkcmVzdWx0LmRlc3QgPSAkZGVzdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICMgY2hlY2sgaWYgdGhlIHBhcmVudCBkaXIgZXhpc3RzLCB0aGlzIGlzIG9ubHkgZG9uZSBpZiBzcmMgaXMgYQogICAgICAgICAgICAjIGZpbGUgYW5kIGRlc3QgaWYgdGhlIHBhdGggdG8gYSBmaWxlIChkb2Vzbid0IGVuZCB3aXRoIFwgb3IgLykKICAgICAgICAgICAgJHBhcmVudF9kaXIgPSBTcGxpdC1QYXRoIC1QYXRoICRkZXN0CiAgICAgICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiRGVzdGluYXRpb24gZGlyZWN0b3J5ICckcGFyZW50X2RpcicgZG9lcyBub3QgZXhpc3QiCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICAgICAgJGNvcHlfcmVzdWx0ID0gQ29weS1GaWxlIC1zb3VyY2UgJHNyYyAtZGVzdCAkZGVzdAogICAgICAgICRkaWZmID0gJGNvcHlfcmVzdWx0LmRpZmYKICAgICAgICAkcmVzdWx0LmNoZWNrc3VtID0gJGNvcHlfcmVzdWx0LmNoZWNrc3VtCiAgICB9CgogICAgIyB0aGUgZmlsZSBtaWdodCBub3QgZXhpc3QgaWYgcnVubmluZyBpbiBjaGVjayBtb2RlCiAgICBpZiAoLW5vdCAkY2hlY2tfbW9kZSAtb3IgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikpIHsKICAgICAgICAkcmVzdWx0LnNpemUgPSBHZXQtRmlsZVNpemUgLXBhdGggJGRlc3QKICAgIH0gZWxzZSB7CiAgICAgICAgJHJlc3VsdC5zaXplID0gJG51bGwKICAgIH0KICAgIGlmICgkZGlmZl9tb2RlKSB7CiAgICAgICAgJHJlc3VsdC5kaWZmLnByZXBhcmVkID0gJGRpZmYKICAgIH0KfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJzaW5nbGUiKSB7CiAgICAjIGEgc2luZ2xlIGZpbGUgaXMgbG9jYXRlZCBpbiBzcmMgYW5kIHdlIG5lZWQgdG8gY29weSB0byBkZXN0LCB0aGlzIHdpbGwKICAgICMgYWx3YXlzIHJlc3VsdCBpbiBhIGNoYW5nZSBhcyB0aGUgY2FsY3VsYXRpb24gaXMgZG9uZSBvbiB0aGUgQW5zaWJsZSBzaWRlCiAgICAjIGJlZm9yZSB0aGlzIGlzIHJ1bi4gVGhpcyBzaG91bGQgYWxzbyBuZXZlciBydW4gaW4gY2hlY2sgbW9kZQogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBMZWFmKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgIyB0aGUgZGVzdCBwYXJhbWV0ZXIgaXMgYSBkaXJlY3RvcnksIHdlIG5lZWQgdG8gYXBwZW5kIG9yaWdpbmFsX2Jhc2VuYW1lCiAgICBpZiAoJGRlc3QuRW5kc1dpdGgoIi8iKSAtb3IgJGRlc3QuRW5kc1dpdGgoImBcIikgLW9yIChUZXN0LVBhdGggLVBhdGggJGRlc3QgLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAkcmVtb3RlX2Rlc3QgPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkb3JpZ2luYWxfYmFzZW5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgd2hlbiBkZXN0IGVuZHMgd2l0aCAvLCB3ZSBuZWVkIHRvIGNyZWF0ZSB0aGUgZGVzdGluYXRpb24gZGlyZWN0b3JpZXMKICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIm9iamVjdCBhdCBkZXN0aW5hdGlvbiBwYXJlbnQgZGlyICckcGFyZW50X2RpcicgaXMgY3VycmVudGx5IGEgZmlsZSIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRwYXJlbnRfZGlyIC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRwYXJlbnRfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0gZWxzZSB7CiAgICAgICAgJHJlbW90ZV9kZXN0ID0gJGRlc3QKICAgICAgICAkcGFyZW50X2RpciA9IFNwbGl0LVBhdGggLVBhdGggJHJlbW90ZV9kZXN0CgogICAgICAgICMgY2hlY2sgaWYgdGhlIGRlc3QgcGFyZW50IGRpcnMgZXhpc3QsIG5lZWQgdG8gZmFpbCBpZiB0aGV5IGRvbid0CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJvYmplY3QgYXQgZGVzdGluYXRpb24gcGFyZW50IGRpciAnJHBhcmVudF9kaXInIGlzIGN1cnJlbnRseSBhIGZpbGUiCiAgICAgICAgfSBlbHNlaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgQ29udGFpbmVyKSkgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJEZXN0aW5hdGlvbiBkaXJlY3RvcnkgJyRwYXJlbnRfZGlyJyBkb2VzIG5vdCBleGlzdCIKICAgICAgICB9CiAgICB9CgogICAgQ29weS1JdGVtIC1QYXRoICRzcmMgLURlc3RpbmF0aW9uICRyZW1vdGVfZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgJHJlc3VsdC5jaGFuZ2VkID0gJHRydWUKfQoKRXhpdC1Kc29uIC1vYmogJHJlc3VsdAo=", "module_args": {"symlinks": [], "files": [{"dest": "pip-install-requirements.log", "checksum": "c665971e58b2fff134858dd66f7250cb56008142", "src": "/home/jenkins-slave/.ansible/tmp/ansible-local-5686xtZq9a/tmpH93zsd"}], "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "force": true, "_ansible_no_log": false, "dest": "c:/openstack/log", "directories": [], "_ansible_remote_tmp": "%TEMP%", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_copy_mode": "query", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null, "_ansible_version": "2.7.0", "_ansible_module_name": "win_copy"}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: 73d88ef3-1973-4fc4-881d-b77b3fc09abe Path:	4104	1		3	2	15	0	1135	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4508	2280	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:55 PM	1909dffc-a75a-0001-8dec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): gICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK"}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTUsIEpvbiBIYXdrZXN3b3J0aCAoQGpoYXdrZXN3b3J0aCkgPGZpZ3NAdW5pdHkuZGVtb24uY28udWs+CiMgQ29weXJpZ2h0OiAoYykgMjAxNywgQW5zaWJsZSBQcm9qZWN0CiMgR05VIEdlbmVyYWwgUHVibGljIExpY2Vuc2UgdjMuMCsgKHNlZSBDT1BZSU5HIG9yIGh0dHBzOi8vd3d3LmdudS5vcmcvbGljZW5zZXMvZ3BsLTMuMC50eHQpCgojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkxlZ2FjeQoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKJHBhcmFtcyA9IFBhcnNlLUFyZ3MgLWFyZ3VtZW50cyAkYXJncyAtc3VwcG9ydHNfY2hlY2tfbW9kZSAkdHJ1ZQokY2hlY2tfbW9kZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfYW5zaWJsZV9jaGVja19tb2RlIiAtdHlwZSAiYm9vbCIgLWRlZmF1bHQgJGZhbHNlCiRkaWZmX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfZGlmZiIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQoKIyB0aGVyZSBhcmUgNCBtb2RlcyB0byB3aW5fY29weSB3aGljaCBhcmUgZHJpdmVuIGJ5IHRoZSBhY3Rpb24gcGx1Z2luczoKIyAgIGV4cGxvZGU6IHNyYyBpcyBhIHppcCBmaWxlIHdoaWNoIG5lZWRzIHRvIGJlIGV4dHJhY3RlZCB0byBkZXN0LCBmb3IgdXNlIHdpdGggbXVsdGlwbGUgZmlsZXMKIyAgIHF1ZXJ5OiB3aW5fY29weSBhY3Rpb24gcGx1Z2luIHdhbnRzIHRvIGdldCB0aGUgc3RhdGUgb2YgcmVtb3RlIGZpbGVzIHRvIGNoZWNrIHdoZXRoZXIgaXQgbmVlZHMgdG8gc2VuZCB0aGVtCiMgICByZW1vdGU6IGFsbCBjb3B5IGFjdGlvbiBpcyBoYXBwZW5pbmcgcmVtb3RlbHkgKHJlbW90ZV9zcmM9VHJ1ZSkKIyAgIHNpbmdsZTogYSBzaW5nbGUgZmlsZSBoYXMgYmVlbiBjb3BpZWQsIGFsc28gdXNlZCB3aXRoIHRlbXBsYXRlCiRjb3B5X21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2NvcHlfbW9kZSIgLXR5cGUgInN0ciIgLWRlZmF1bHQgInNpbmdsZSIgLXZhbGlkYXRlc2V0ICJleHBsb2RlIiwicXVlcnkiLCJyZW1vdGUiLCJzaW5nbGUiCgojIHVzZWQgaW4gZXhwbG9kZSwgcmVtb3RlIGFuZCBzaW5nbGUgbW9kZQokc3JjID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInNyYyIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAoJGNvcHlfbW9kZSAtaW4gQCgiZXhwbG9kZSIsInByb2Nlc3MiLCJzaW5nbGUiKSkKJGRlc3QgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGVzdCIgLXR5cGUgInBhdGgiIC1mYWlsaWZlbXB0eSAkdHJ1ZQoKIyB1c2VkIGluIHNpbmdsZSBtb2RlCiRvcmlnaW5hbF9iYXNlbmFtZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJfb3JpZ2luYWxfYmFzZW5hbWUiIC10eXBlICJzdHIiCgojIHVzZWQgaW4gcXVlcnkgYW5kIHJlbW90ZSBtb2RlCiRmb3JjZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJmb3JjZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICR0cnVlCgojIHVzZWQgaW4gcXVlcnkgbW9kZSwgY29udGFpbnMgdGhlIGxvY2FsIGZpbGVzL2RpcmVjdG9yaWVzL3N5bWxpbmtzIHRoYXQgYXJlIHRvIGJlIGNvcGllZAokZmlsZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZmlsZXMiIC10eXBlICJsaXN0IgokZGlyZWN0b3JpZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiZGlyZWN0b3JpZXMiIC10eXBlICJsaXN0Igokc3ltbGlua3MgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3ltbGlua3MiIC10eXBlICJsaXN0IgoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJGZhbHNlCn0KCmlmICgkZGlmZl9tb2RlKSB7CiAgICAkcmVzdWx0LmRpZmYgPSBAe30KfQoKRnVuY3Rpb24gQ29weS1GaWxlKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9maWxlID0gJGZhbHNlCiAgICAkc291cmNlX2NoZWNrc3VtID0gJG51bGwKICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAkc291cmNlX2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkc291cmNlCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBkZXN0IGlzIGFscmVhZHkgYSBmb2xkZXIiCiAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgaWYgKCRmb3JjZSkgewogICAgICAgICAgICAkdGFyZ2V0X2NoZWNrc3VtID0gR2V0LUZpbGVDaGVja3N1bSAtcGF0aCAkZGVzdAogICAgICAgICAgICBpZiAoJHNvdXJjZV9jaGVja3N1bSAtbmUgJHRhcmdldF9jaGVja3N1bSkgewogICAgICAgICAgICAgICAgJGNvcHlfZmlsZSA9ICR0cnVlCiAgICAgICAgICAgIH0KICAgICAgICB9CiAgICB9IGVsc2UgewogICAgICAgICRjb3B5X2ZpbGUgPSAkdHJ1ZQogICAgfQoKICAgIGlmICgkY29weV9maWxlKSB7CiAgICAgICAgJGZpbGVfZGlyID0gW1N5c3RlbS5JTy5QYXRoXTo6R2V0RGlyZWN0b3J5TmFtZSgkZGVzdCkKICAgICAgICAjIHZhbGlkYXRlIHRoZSBwYXJlbnQgZGlyIGlzIG5vdCBhIGZpbGUgYW5kIHRoYXQgaXQgZXhpc3RzCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZmlsZV9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9IGVsc2VpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRmaWxlX2RpcikpIHsKICAgICAgICAgICAgIyBkaXJlY3RvcnkgZG9lc24ndCBleGlzdCwgbmVlZCB0byBjcmVhdGUKICAgICAgICAgICAgTmV3LUl0ZW0gLVBhdGggJGZpbGVfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICIrJGZpbGVfZGlyXGBuIgogICAgICAgIH0KCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBSZW1vdmUtSXRlbSAtUGF0aCAkZGVzdCAtRm9yY2UgLVJlY3Vyc2UgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgICAgICRkaWZmICs9ICItJGRlc3RgbiIKICAgICAgICB9CgogICAgICAgIGlmICgtbm90ICRjaGVja19tb2RlKSB7CiAgICAgICAgICAgICMgY2Fubm90IHJ1biB3aXRoIC1XaGF0SWY6JGNoZWNrX21vZGUgYXMgaWYgdGhlIHBhcmVudCBkaXIgZGlkbid0CiAgICAgICAgICAgICMgZXhpc3QgYW5kIHdhcyBjcmVhdGVkIGFib3ZlIHdvdWxkIHN0aWxsIG5vdCBleGlzdCBpbiBjaGVjayBtb2RlCiAgICAgICAgICAgIENvcHktSXRlbSAtUGF0aCAkc291cmNlIC1EZXN0aW5hdGlvbiAkZGVzdCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgICAgICAkZGlmZiArPSAiKyRkZXN0YG4iCgogICAgICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCiAgICB9CgogICAgIyB1Z2x5IGJ1dCB0byBzYXZlIHVzIGZyb20gcnVubmluZyB0aGUgY2hlY2tzdW0gdHdpY2UsIGxldCdzIHJldHVybiBpdCBmb3IKICAgICMgdGhlIG1haW4gY29kZSB0byBhZGQgaXQgdG8gJHJlc3VsdAogICAgcmV0dXJuICxAeyBkaWZmID0gJGRpZmY7IGNoZWNrc3VtID0gJHNvdXJjZV9jaGVja3N1bSB9Cn0KCkZ1bmN0aW9uIENvcHktRm9sZGVyKCRzb3VyY2UsICRkZXN0KSB7CiAgICAkZGlmZiA9ICIiCiAgICAkY29weV9mb2xkZXIgPSAkZmFsc2UKCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0IC1QYXRoVHlwZSBDb250YWluZXIpKSB7CiAgICAgICAgJHBhcmVudF9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRkZXN0KQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJHBhcmVudF9kaXIgLVBhdGhUeXBlIExlYWYpIHsKICAgICAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiY2Fubm90IGNvcHkgZmlsZSBmcm9tICckc291cmNlJyB0byAnJGRlc3QnOiBvYmplY3QgYXQgZGVzdCBwYXJlbnQgZGlyIGlzIG5vdCBhIGZvbGRlciIKICAgICAgICB9CiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkZGVzdCAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgZnJvbSAnJHNvdXJjZScgdG8gJyRkZXN0JzogZGVzdCBpcyBhbHJlYWR5IGEgZmlsZSIKICAgICAgICB9CgogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBDb250YWluZXIgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgJGRpZmYgKz0gIiskZGVzdFxgbiIKICAgICAgICAkcmVzdWx0LmNoYW5nZWQgPSAkdHJ1ZQogICAgfQoKICAgICRjaGlsZF9pdGVtcyA9IEdldC1DaGlsZEl0ZW0gLVBhdGggJHNvdXJjZSAtRm9yY2UKICAgIGZvcmVhY2ggKCRjaGlsZF9pdGVtIGluICRjaGlsZF9pdGVtcykgewogICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfaXRlbS5OYW1lCiAgICAgICAgaWYgKCRjaGlsZF9pdGVtLlBTSXNDb250YWluZXIpIHsKICAgICAgICAgICAgJGRpZmYgKz0gKENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2l0ZW0uRnVsbG5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aCkuZGlmZgogICAgICAgIH0KICAgIH0KCiAgICByZXR1cm4gJGRpZmYKfQoKRnVuY3Rpb24gR2V0LUZpbGVTaXplKCRwYXRoKSB7CiAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRwYXRoIC1Gb3JjZQogICAgJHNpemUgPSAkbnVsbAogICAgaWYgKCRmaWxlLlBTSXNDb250YWluZXIpIHsKICAgICAgICAkZGlyX2ZpbGVzX3N1bSA9IEdldC1DaGlsZEl0ZW0gJGZpbGUuRnVsbE5hbWUgLVJlY3Vyc2UKICAgICAgICBpZiAoJGRpcl9maWxlc19zdW0gLWVxICRudWxsIC1vciAoJGRpcl9maWxlc19zdW0uUFNPYmplY3QuUHJvcGVydGllcy5uYW1lIC1jb250YWlucyAnbGVuZ3RoJyAtZXEgJGZhbHNlKSkgewogICAgICAgICAgICAkc2l6ZSA9IDAKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkc2l6ZSA9ICgkZGlyX2ZpbGVzX3N1bSB8IE1lYXN1cmUtT2JqZWN0IC1wcm9wZXJ0eSBsZW5ndGggLXN1bSkuU3VtCiAgICAgICAgfQogICAgfSBlbHNlIHsKICAgICAgICAkc2l6ZSA9ICRmaWxlLkxlbmd0aAogICAgfQoKICAgICRzaXplCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwKCRzcmMsICRkZXN0KSB7CiAgICAkYXJjaGl2ZSA9IFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZV06Ok9wZW4oJHNyYywgW1N5c3RlbS5JTy5Db21wcmVzc2lvbi5aaXBBcmNoaXZlTW9kZV06OlJlYWQsIFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjgpCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJGFyY2hpdmUuRW50cmllcykgewogICAgICAgICRhcmNoaXZlX25hbWUgPSAkZW50cnkuRnVsbE5hbWUKCiAgICAgICAgIyBGdWxsTmFtZSBtYXkgYmUgYXBwZW5kZWQgd2l0aCAvIG9yIFwsIGRldGVybWluZSBpZiBpdCBpcyBwYWRkZWQgYW5kIHJlbW92ZSBpdAogICAgICAgICRwYWRkaW5nX2xlbmd0aCA9ICRhcmNoaXZlX25hbWUuTGVuZ3RoICUgNAogICAgICAgIGlmICgkcGFkZGluZ19sZW5ndGggLWVxIDApIHsKICAgICAgICAgICAgJGlzX2RpciA9ICRmYWxzZQogICAgICAgICAgICAkYmFzZTY0X25hbWUgPSAkYXJjaGl2ZV9uYW1lCiAgICAgICAgfSBlbHNlaWYgKCRwYWRkaW5nX2xlbmd0aCAtZXEgMSkgewogICAgICAgICAgICAkaXNfZGlyID0gJHRydWUKICAgICAgICAgICAgaWYgKCRhcmNoaXZlX25hbWUuRW5kc1dpdGgoIi8iKSAtb3IgJGFyY2hpdmVfbmFtZS5FbmRzV2l0aCgiYFwiKSkgewogICAgICAgICAgICAgICAgJGJhc2U2NF9uYW1lID0gJGFyY2hpdmVfbmFtZS5TdWJzdHJpbmcoMCwgJGFyY2hpdmVfbmFtZS5MZW5ndGggLSAxKQogICAgICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAgICAgdGhyb3cgImludmFsaWQgYmFzZTY0IGFyY2hpdmUgbmFtZSAnJGFyY2hpdmVfbmFtZSciCiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2UgewogICAgICAgICAgICB0aHJvdyAiaW52YWxpZCBiYXNlNjQgbGVuZ3RoICckYXJjaGl2ZV9uYW1lJyIKICAgICAgICB9CgogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGJhc2U2NF9uYW1lKSkKICAgICAgICAjIHJlLWFkZCB0aGUgLyB0byB0aGUgZW50cnkgZnVsbCBuYW1lIGlmIGl0IHdhcyBhIGRpcmVjdG9yeQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfbmFtZSA9ICIkZGVjb2RlZF9hcmNoaXZlX25hbWUvIgogICAgICAgIH0KICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX25hbWUpCiAgICAgICAgJGVudHJ5X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGVudHJ5X3RhcmdldF9wYXRoKQoKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRlbnRyeV9kaXIpKSB7CiAgICAgICAgICAgIE5ldy1JdGVtIC1QYXRoICRlbnRyeV9kaXIgLUl0ZW1UeXBlIERpcmVjdG9yeSAtV2hhdElmOiRjaGVja19tb2RlIHwgT3V0LU51bGwKICAgICAgICB9CgogICAgICAgIGlmICgkaXNfZGlyIC1lcSAkZmFsc2UpIHsKICAgICAgICAgICAgaWYgKC1ub3QgJGNoZWNrX21vZGUpIHsKICAgICAgICAgICAgICAgIFtTeXN0ZW0uSU8uQ29tcHJlc3Npb24uWmlwRmlsZUV4dGVuc2lvbnNdOjpFeHRyYWN0VG9GaWxlKCRlbnRyeSwgJGVudHJ5X3RhcmdldF9wYXRoLCAkdHJ1ZSkKICAgICAgICAgICAgfQogICAgICAgIH0KICAgIH0KICAgICRhcmNoaXZlLkRpc3Bvc2UoKSAgIyByZWxlYXNlIHRoZSBoYW5kbGUgb2YgdGhlIHppcCBmaWxlCn0KCkZ1bmN0aW9uIEV4dHJhY3QtWmlwTGVnYWN5KCRzcmMsICRkZXN0KSB7CiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRkZXN0KSkgewogICAgICAgIE5ldy1JdGVtIC1QYXRoICRkZXN0IC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICB9CiAgICAkc2hlbGwgPSBOZXctT2JqZWN0IC1Db21PYmplY3QgU2hlbGwuQXBwbGljYXRpb24KICAgICR6aXAgPSAkc2hlbGwuTmFtZVNwYWNlKCRzcmMpCiAgICAkZGVzdF9wYXRoID0gJHNoZWxsLk5hbWVTcGFjZSgkZGVzdCkKCiAgICBmb3JlYWNoICgkZW50cnkgaW4gJHppcC5JdGVtcygpKSB7CiAgICAgICAgJGlzX2RpciA9ICRlbnRyeS5Jc0ZvbGRlcgogICAgICAgICRlbmNvZGVkX2FyY2hpdmVfZW50cnkgPSAkZW50cnkuTmFtZQogICAgICAgICMgdG8gaGFuZGxlIHVuaWNvZGUgY2hhcmFjdGVyLCB3aW5fY29weSBhY3Rpb24gcGx1Z2luIGhhcyBlbmNvZGVkIHRoZSBmaWxlbmFtZQogICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRlbmNvZGVkX2FyY2hpdmVfZW50cnkpKQogICAgICAgIGlmICgkaXNfZGlyKSB7CiAgICAgICAgICAgICRkZWNvZGVkX2FyY2hpdmVfZW50cnkgPSAiJGRlY29kZWRfYXJjaGl2ZV9lbnRyeS8iCiAgICAgICAgfQoKICAgICAgICAkZW50cnlfdGFyZ2V0X3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpDb21iaW5lKCRkZXN0LCAkZGVjb2RlZF9hcmNoaXZlX2VudHJ5KQogICAgICAgICRlbnRyeV9kaXIgPSBbU3lzdGVtLklPLlBhdGhdOjpHZXREaXJlY3RvcnlOYW1lKCRlbnRyeV90YXJnZXRfcGF0aCkKCiAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkZW50cnlfZGlyKSkgewogICAgICAgICAgICBOZXctSXRlbSAtUGF0aCAkZW50cnlfZGlyIC1JdGVtVHlwZSBEaXJlY3RvcnkgLVdoYXRJZjokY2hlY2tfbW9kZSB8IE91dC1OdWxsCiAgICAgICAgfQoKICAgICAgICBpZiAoJGlzX2RpciAtZXEgJGZhbHNlIC1hbmQgKC1ub3QgJGNoZWNrX21vZGUpKSB7CiAgICAgICAgICAgICMgaHR0cHM6Ly9tc2RuLm1pY3Jvc29mdC5jb20vZW4tdXMvbGlicmFyeS93aW5kb3dzL2Rlc2t0b3AvYmI3ODc4NjYuYXNweAogICAgICAgICAgICAjIEZyb20gRm9sZGVyLkNvcHlIZXJlIGRvY3VtZW50YXRpb24sIDEwNDQgbWVhbnM6CiAgICAgICAgICAgICMgIC0gMTAyNDogZG8gbm90IGRpc3BsYXkgYSB1c2VyIGludGVyZmFjZSBpZiBhbiBlcnJvciBvY2N1cnMKICAgICAgICAgICAgIyAgLSAgIDE2OiByZXNwb25kIHdpdGggInllcyB0byBhbGwiIGZvciBhbnkgZGlhbG9nIGJveCB0aGF0IGlzIGRpc3BsYXllZAogICAgICAgICAgICAjICAtICAgIDQ6IGRvIG5vdCBkaXNwbGF5IGEgcHJvZ3Jlc3MgZGlhbG9nIGJveAogICAgICAgICAgICAkZGVzdF9wYXRoLkNvcHlIZXJlKCRlbnRyeSwgMTA0NCkKCiAgICAgICAgICAgICMgb25jZSBmaWxlIGlzIGV4dHJhY2VkLCB3ZSBuZWVkIHRvIHJlbmFtZSBpdCB3aXRoIG5vbiBiYXNlNjQgbmFtZQogICAgICAgICAgICAkY29tYmluZWRfZW5jb2RlZF9wYXRoID0gW1N5c3RlbS5JTy5QYXRoXTo6Q29tYmluZSgkZGVzdCwgJGVuY29kZWRfYXJjaGl2ZV9lbnRyeSkKICAgICAgICAgICAgTW92ZS1JdGVtIC1QYXRoICRjb21iaW5lZF9lbmNvZGVkX3BhdGggLURlc3RpbmF0aW9uICRlbnRyeV90YXJnZXRfcGF0aCAtRm9yY2UgfCBPdXQtTnVsbAogICAgICAgIH0KICAgIH0KfQoKaWYgKCRjb3B5X21vZGUgLWVxICJxdWVyeSIpIHsKICAgICMgd2Ugb25seSByZXR1cm4gYSBsaXN0IG9mIGZpbGVzL2RpcmVjdG9yaWVzIHRoYXQgbmVlZCB0byBiZSBjb3BpZWQgb3ZlcgogICAgIyB0aGUgc291cmNlIG9mIHRoZSBsb2NhbCBmaWxlIHdpbGwgYmUgdGhlIGtleSB1c2VkCiAgICAkY2hhbmdlZF9maWxlcyA9IEAoKQogICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgPSBAKCkKICAgICRjaGFuZ2VkX3N5bWxpbmtzID0gQCgpCgogICAgZm9yZWFjaCAoJGZpbGUgaW4gJGZpbGVzKSB7CiAgICAgICAgJGZpbGVuYW1lID0gJGZpbGUuZGVzdAogICAgICAgICRsb2NhbF9jaGVja3N1bSA9ICRmaWxlLmNoZWNrc3VtCgogICAgICAgICRmaWxlcGF0aCA9IEpvaW4tUGF0aCAtUGF0aCAkZGVzdCAtQ2hpbGRQYXRoICRmaWxlbmFtZQogICAgICAgIGlmIChUZXN0LVBhdGggLVBhdGggJGZpbGVwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIGlmICgkZm9yY2UpIHsKICAgICAgICAgICAgICAgICRjaGVja3N1bSA9IEdldC1GaWxlQ2hlY2tzdW0gLXBhdGggJGZpbGVwYXRoCiAgICAgICAgICAgICAgICBpZiAoJGNoZWNrc3VtIC1uZSAkbG9jYWxfY2hlY2tzdW0pIHsKICAgICAgICAgICAgICAgICAgICAkd2lsbF9jaGFuZ2UgPSAkdHJ1ZQogICAgICAgICAgICAgICAgICAgICRjaGFuZ2VkX2ZpbGVzICs9ICRmaWxlCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgIH0KICAgICAgICB9IGVsc2VpZiAoVGVzdC1QYXRoIC1QYXRoICRmaWxlcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZpbGUgdG8gZGVzdCAnJGZpbGVwYXRoJzogb2JqZWN0IGF0IHBhdGggaXMgYWxyZWFkeSBhIGRpcmVjdG9yeSIKICAgICAgICB9IGVsc2UgewogICAgICAgICAgICAkY2hhbmdlZF9maWxlcyArPSAkZmlsZQogICAgICAgIH0KICAgIH0KCiAgICBmb3JlYWNoICgkZGlyZWN0b3J5IGluICRkaXJlY3RvcmllcykgewogICAgICAgICRkaXJuYW1lID0gJGRpcmVjdG9yeS5kZXN0CgogICAgICAgICRkaXJwYXRoID0gSm9pbi1QYXRoIC1QYXRoICRkZXN0IC1DaGlsZFBhdGggJGRpcm5hbWUKICAgICAgICAkcGFyZW50X2RpciA9IFtTeXN0ZW0uSU8uUGF0aF06OkdldERpcmVjdG9yeU5hbWUoJGRpcnBhdGgpCiAgICAgICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkcGFyZW50X2RpciAtUGF0aFR5cGUgTGVhZikgewogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0IC1tZXNzYWdlICJjYW5ub3QgY29weSBmb2xkZXIgdG8gZGVzdCAnJGRpcnBhdGgnOiBvYmplY3QgYXQgcGFyZW50IGRpcmVjdG9yeSBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0KICAgICAgICBpZiAoVGVzdC1QYXRoIC1QYXRoICRkaXJwYXRoIC1QYXRoVHlwZSBMZWFmKSB7CiAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgImNhbm5vdCBjb3B5IGZvbGRlciB0byBkZXN0ICckZGlycGF0aCc6IG9iamVjdCBhdCBwYXRoIGlzIGFscmVhZHkgYSBmaWxlIgogICAgICAgIH0gZWxzZWlmICgtbm90IChUZXN0LVBhdGggLVBhdGggJGRpcnBhdGggLVBhdGhUeXBlIENvbnRhaW5lcikpIHsKICAgICAgICAgICAgJGNoYW5nZWRfZGlyZWN0b3JpZXMgKz0gJGRpcmVjdG9yeQogICAgICAgIH0KICAgIH0KCiAgICAjIFRPRE86IEhhbmRsZSBzeW1saW5rcwoKICAgICRyZXN1bHQuZmlsZXMgPSAkY2hhbmdlZF9maWxlcwogICAgJHJlc3VsdC5kaXJlY3RvcmllcyA9ICRjaGFuZ2VkX2RpcmVjdG9yaWVzCiAgICAkcmVzdWx0LnN5bWxpbmtzID0gJGNoYW5nZWRfc3ltbGlua3MKfSBlbHNlaWYgKCRjb3B5X21vZGUgLWVxICJleHBsb2RlIikgewogICAgIyBhIHNpbmdsZSB6aXAgZmlsZSBjb250YWluaW5nIHRoZSBmaWxlcyBhbmQgZGlyZWN0b3JpZXMgbmVlZHMgdG8gYmUKICAgICMgZXhwYW5kZWQgdGhpcyB3aWxsIGFsd2F5cyByZXN1bHQgaW4gYSBjaGFuZ2UgYXMgdGhlIGNhbGN1bGF0aW9uIGlzIGRvbmUKICAgICMgb24gdGhlIHdpbl9jb3B5IGFjdGlvbiBwbHVnaW4gYW5kIGlzIG9ubHkgcnVuIGlmIGEgY2hhbmdlIG5lZWRzIHRvIG9jY3VyCiAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICRzcmMgLVBhdGhUeXBlIExlYWYpKSB7CiAgICAgICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAiQ2Fubm90IGV4cGFuZCBzcmMgemlwIGZpbGU6ICckc3JjJyBhcyBpdCBkb2VzIG5vdCBleGlzdCIKICAgIH0KCiAgICAjIERldGVjdCBpZiB0aGUgUFMgemlwIGFzc2VtYmxpZXMgYXJlIGF2YWlsYWJsZSBvciB3aGV0aGVyIHRvIHVzZSBTaGVsbAogICAgJHVzZV9sZWdhY3kgPSAkZmFsc2UKICAgIHRyeSB7CiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24uRmlsZVN5c3RlbSB8IE91dC1OdWxsCiAgICAgICAgQWRkLVR5cGUgLUFzc2VtYmx5TmFtZSBTeXN0ZW0uSU8uQ29tcHJlc3Npb24gfCBPdXQtTnVsbAogICAgfSBjYXRjaCB7CiAgICAgICAgJHVzZV9sZWdhY3kgPSAkdHJ1ZQogICAgfQogICAgaWYgKCR1c2VfbGVnYWN5KSB7CiAgICAgICAgRXh0cmFjdC1aaXBMZWdhY3kgLXNyYyAkc3JjIC1kZXN0ICRkZXN0CiAgICB9IGVsc2UgewogICAgICAgIEV4dHJhY3QtWmlwIC1zcmMgJHNyYyAtZGVzdCAkZGVzdAogICAgfQoKICAgICRyZXN1bHQuY2hhbmdlZCA9ICR0cnVlCn0gZWxzZWlmICgkY29weV9tb2RlIC1lcSAicmVtb3RlIikgewogICAgIyBhbGwgY29weSBhY3Rpb25zIGFyZSBoYXBwZW5pbmcgb24gdGhlIHJlbW90ZSBzaWRlICh3aW5kb3dzIGhvc3QpLCBuZWVkCiAgICAjIHRvbyBjb3B5IHNvdXJjZSBhbmQgZGVzdCB1c2luZyBQUyBjb2RlCiAgICAkcmVzdWx0LnNyYyA9ICRzcmMKICAgICRyZXN1bHQuZGVzdCA9ICRkZXN0CgogICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtUGF0aCAkc3JjKSkgewogICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHQgLW1lc3NhZ2UgIkNhbm5vdCBjb3B5IHNyYyBmaWxlOiAnJHNyYycgYXMgaXQgZG9lcyBub3QgZXhpc3QiCiAgICB9CgogICAgaWYgKFRlc3QtUGF0aCAtUGF0aCAkc3JjIC1QYXRoVHlwZSBDb250YWluZXIpIHsKICAgICAgICAjIHdlIGFyZSBjb3B5aW5nIGEgZGlyZWN0b3J5IG9yIHRoZSBjb250ZW50cyBvZiBhIGRpcmVjdG9yeQogICAgICAgICRyZXN1bHQub3BlcmF0aW9uID0gJ2ZvbGRlcl9jb3B5JwogICAgICAgIGlmICgkc3JjLkVuZHNXaXRoKCIvIikgLW9yICRzcmMuRW5kc1dpdGgoImBcIikpIHsKICAgICAgICAgICAgIyBjb3B5aW5nIHRoZSBmb2xkZXIncyBjb250ZW50cyB0byBkZXN0CiAgICAgICAgICAgICRkaWZmID0gIiIKICAgICAgICAgICAgJGNoaWxkX2ZpbGVzID0gR2V0LUNoaWxkSXRlbSAtUGF0aCAkc3JjIC1Gb3JjZQogICAgICAgICAgICBmb3JlYWNoICgkY2hpbGRfZmlsZSBpbiAkY2hpbGRfZmlsZXMpIHsKICAgICAgICAgICAgICAgICRkZXN0X2NoaWxkX3BhdGggPSBKb2luLVBhdGggLVBhdGggJGRlc3QgLUNoaWxkUGF0aCAkY2hpbGRfZmlsZS5OYW1lCiAgICAgICAgICAgICAgICBpZiAoJGNoaWxkX2ZpbGUuUFNJc0NvbnRhaW5lcikgewogICAgICAgICAgICAgICAgICAgICRkaWZmICs9IENvcHktRm9sZGVyIC1zb3VyY2UgJGNoaWxkX2ZpbGUuRnVsbE5hbWUgLWRlc3QgJGRlc3RfY2hpbGRfcGF0aAogICAgICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgICAgICAkZGlmZiArPSAoQ29weS1GaWxlIC1zb3VyY2UgJGNoaWxkX2ZpbGUuR ScriptBlock ID: 73d88ef3-1973-4fc4-881d-b77b3fc09abe Path:	4104	1		3	2	15	0	1134	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4508	2280	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:55 PM	1909dffc-a75a-0001-8dec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICA ScriptBlock ID: 73d88ef3-1973-4fc4-881d-b77b3fc09abe Path:	4104	1		3	2	15	0	1133	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4508	2280	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:55 PM	1909dffc-a75a-0001-8dec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1132	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4508	4036	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:55 PM	1909dffc-a75a-0003-e0e9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4508 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1131	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4508	1832	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:55 PM	1909dffc-a75a-0003-e0e9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1130	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4508	4036	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:55 PM	1909dffc-a75a-0003-e0e9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1129	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4528	2872	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:11 PM	1909dffc-a75a-0002-4aea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4528 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1128	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4528	3928	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:11 PM	1909dffc-a75a-0002-4aea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1127	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4528	2872	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:11 PM	1909dffc-a75a-0002-4aea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 551dbce0-d05a-4b14-9a58-56163c2024c0 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = dc0a4526-45cb-4fd3-8b00-85b2b099644e Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1126	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3604	4444	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:11 PM	1909dffc-a75a-0003-a4e9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: e51a2279-e93c-4e4d-b4e1-2cb924310300 Path:	4104	1		3	2	15	0	1125	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3604	3852	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:10 PM	1909dffc-a75a-0001-38ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: b4dab6d0-c1ed-41fa-b2a3-5bf377cbc9e3 Path:	4104	1		3	2	15	0	1124	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3604	3852	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:10 PM	1909dffc-a75a-0001-31ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: cfbecbbc-a41f-4ec3-8509-3e5da27ef27e Path:	4104	1		3	2	15	0	1123	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3604	3852	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:10 PM	1909dffc-a75a-0001-22ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "pip install -c c:\\openstack\\build\\requirements\\upper-constraints.txt -U -e c:\\openstack\\build\\requirements", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: adc80f13-ac34-40e8-b32e-143b1b64cd14 Path:	4104	1		3	2	15	0	1122	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3604	3852	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:10 PM	1909dffc-a75a-0001-1cec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): ICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICAgfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04 ScriptBlock ID: adc80f13-ac34-40e8-b32e-143b1b64cd14 Path:	4104	1		3	2	15	0	1121	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3604	3852	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:10 PM	1909dffc-a75a-0001-1cec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAg ScriptBlock ID: adc80f13-ac34-40e8-b32e-143b1b64cd14 Path:	4104	1		3	2	15	0	1120	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3604	3852	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:10 PM	1909dffc-a75a-0001-1cec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1119	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3604	4468	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:10 PM	1909dffc-a75a-0003-92e9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 3604 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1118	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3604	3176	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:10 PM	1909dffc-a75a-0003-92e9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1117	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	3604	4468	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:10 PM	1909dffc-a75a-0003-92e9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1116	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4980	1804	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:08 PM	1909dffc-a75a-0003-87e9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4980 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1115	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4980	2388	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:08 PM	1909dffc-a75a-0003-87e9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1114	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4980	1804	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:08 PM	1909dffc-a75a-0003-87e9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = b784bbd2-285c-4208-a04e-c1ef9ee75c5f Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = 6bc7b729-bea2-4304-b574-db5889fe561c Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1113	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4500	4200	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:07 PM	1909dffc-a75a-0001-10ec-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: d5bf79fc-d616-430d-933a-efb72ef5af0e Path:	4104	1		3	2	15	0	1112	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4500	3812	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:07 PM	1909dffc-a75a-0002-28ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c), Michael DeHaan <michael.dehaan@gmail.com>, 2014, and others # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) Set-StrictMode -Version 2.0 $ErrorActionPreference = "Stop" Function Set-Attr($obj, $name, $value) { <# .SYNOPSIS Helper function to set an "attribute" on a psobject instance in PowerShell. This is a convenience to make adding Members to the object easier and slightly more pythonic .EXAMPLE Set-Attr $result "changed" $true #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } Try { $obj.$name = $value } Catch { $obj | Add-Member -Force -MemberType NoteProperty -Name $name -Value $value } } Function Exit-Json($obj) { <# .SYNOPSIS Helper function to convert a PowerShell object to JSON and output it, exiting the script .EXAMPLE Exit-Json $result #> # If the provided $obj is undefined, define one to be nice If (-not $obj.GetType) { $obj = @{ } } if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit } Function Fail-Json($obj, $message = $null) { <# .SYNOPSIS Helper function to add the "msg" property and "failed" property, convert the PowerShell Hashtable to JSON and output it, exiting the script .EXAMPLE Fail-Json $result "This is the failure message" #> if ($obj -is [hashtable] -or $obj -is [psobject]) { # Nothing to do } elseif ($obj -is [string] -and $null -eq $message) { # If we weren't given 2 args, and the only arg was a string, # create a new Hashtable and use the arg as the failure message $message = $obj $obj = @{ } } else { # If the first argument is undefined or a different type, # make it a Hashtable $obj = @{ } } # Still using Set-Attr for PSObject compatibility Set-Attr $obj "msg" $message Set-Attr $obj "failed" $true if (-not $obj.ContainsKey('changed')) { Set-Attr $obj "changed" $false } Write-Output $obj | ConvertTo-Json -Compress -Depth 99 Exit 1 } Function Add-Warning($obj, $message) { <# .SYNOPSIS Helper function to add warnings, even if the warnings attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("warnings")) { $obj.warnings = @() } elseif ($obj.warnings -isnot [array]) { throw "Add-Warning: warnings attribute is not an array" } $obj.warnings += $message } Function Add-DeprecationWarning($obj, $message, $version = $null) { <# .SYNOPSIS Helper function to add deprecations, even if the deprecations attribute was not already set up. This is a convenience for the module developer so they do not have to check for the attribute prior to adding. #> if (-not $obj.ContainsKey("deprecations")) { $obj.deprecations = @() } elseif ($obj.deprecations -isnot [array]) { throw "Add-DeprecationWarning: deprecations attribute is not a list" } $obj.deprecations += @{ msg = $message version = $version } } Function Expand-Environment($value) { <# .SYNOPSIS Helper function to expand environment variables in values. By default it turns any type to a string, but we ensure $null remains $null. #> if ($null -ne $value) { [System.Environment]::ExpandEnvironmentVariables($value) } else { $value } } Function Get-AnsibleParam($obj, $name, $default = $null, $resultobj = @{}, $failifempty = $false, $emptyattributefailmessage, $ValidateSet, $ValidateSetErrorMessage, $type = $null, $aliases = @()) { <# .SYNOPSIS Helper function to get an "attribute" from a psobject instance in PowerShell. This is a convenience to make getting Members from an object easier and slightly more pythonic .EXAMPLE $attr = Get-AnsibleParam $response "code" -default "1" .EXAMPLE Get-AnsibleParam -obj $params -name "State" -default "Present" -ValidateSet "Present","Absent" -resultobj $resultobj -failifempty $true Get-AnsibleParam also supports Parameter validation to save you from coding that manually Note that if you use the failifempty option, you do need to specify resultobject as well. #> # Check if the provided Member $name or aliases exist in $obj and return it or the default. try { $found = $null # First try to find preferred parameter $name $aliases = @($name) + $aliases # Iterate over aliases to find acceptable Member $name foreach ($alias in $aliases) { if ($obj.ContainsKey($alias)) { $found = $alias break } } if ($null -eq $found) { throw } $name = $found if ($ValidateSet) { if ($ValidateSet -contains ($obj.$name)) { $value = $obj.$name } else { if ($null -eq $ValidateSetErrorMessage) { #Auto-generated error should be sufficient in most use cases $ValidateSetErrorMessage = "Get-AnsibleParam: Argument $name needs to be one of $($ValidateSet -join ",") but was $($obj.$name)." } Fail-Json -obj $resultobj -message $ValidateSetErrorMessage } } else { $value = $obj.$name } } catch { if ($failifempty -eq $false) { $value = $default } else { if (-not $emptyattributefailmessage) { $emptyattributefailmessage = "Get-AnsibleParam: Missing required argument: $name" } Fail-Json -obj $resultobj -message $emptyattributefailmessage } } # If $value -eq $null, the parameter was unspecified by the user (deliberately or not) # Please leave $null-values intact, modules need to know if a parameter was specified # When $value is already an array, we cannot rely on the null check, as an empty list # is seen as null in the check below if ($null -ne $value -or $value -is [array]) { if ($type -eq "path") { # Expand environment variables on path-type $value = Expand-Environment($value) # Test if a valid path is provided if (-not (Test-Path -IsValid $value)) { $path_invalid = $true # could still be a valid-shaped path with a nonexistent drive letter if ($value -match "^\w:") { # rewrite path with a valid drive letter and recheck the shape- this might still fail, eg, a nonexistent non-filesystem PS path if (Test-Path -IsValid $(@(Get-PSDrive -PSProvider Filesystem)[0].Name + $value.Substring(1))) { $path_invalid = $false } } if ($path_invalid) { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' has an invalid path '$value' specified." } } } elseif ($type -eq "str") { # Convert str types to real Powershell strings $value = $value.ToString() } elseif ($type -eq "bool") { # Convert boolean types to real Powershell booleans $value = $value | ConvertTo-Bool } elseif ($type -eq "int") { # Convert int types to real Powershell integers $value = $value -as [int] } elseif ($type -eq "float") { # Convert float types to real Powershell floats $value = $value -as [float] } elseif ($type -eq "list") { if ($value -is [array]) { # Nothing to do } elseif ($value -is [string]) { # Convert string type to real Powershell array $value = $value.Split(",").Trim() } elseif ($value -is [int]) { $value = @($value) } else { Fail-Json -obj $resultobj -message "Get-AnsibleParam: Parameter '$name' is not a YAML list." } # , is not a typo, forces it to return as a list when it is empty or only has 1 entry return ,$value } } return $value } #Alias Get-attr-->Get-AnsibleParam for backwards compat. Only add when needed to ease debugging of scripts If (-not(Get-Alias -Name "Get-attr" -ErrorAction SilentlyContinue)) { New-Alias -Name Get-attr -Value Get-AnsibleParam } Function ConvertTo-Bool { <# .SYNOPSIS Helper filter/pipeline function to convert a value to boolean following current Ansible practices .EXAMPLE $is_true = "true" | ConvertTo-Bool #> param( [parameter(valuefrompipeline=$true)] $obj ) $boolean_strings = "yes", "on", "1", "true", 1 $obj_string = [string]$obj if (($obj -is [boolean] -and $obj) -or $boolean_strings -contains $obj_string.ToLower()) { return $true } else { return $false } } Function Parse-Args($arguments, $supports_check_mode = $false) { <# .SYNOPSIS Helper function to parse Ansible JSON arguments from a "file" passed as the single argument to the module. .EXAMPLE $params = Parse-Args $args #> $params = New-Object psobject If ($arguments.Length -gt 0) { $params = Get-Content $arguments[0] | ConvertFrom-Json } Else { $params = $complex_args } $check_mode = Get-AnsibleParam -obj $params -name "_ansible_check_mode" -type "bool" -default $false If ($check_mode -and -not $supports_check_mode) { Exit-Json @{ skipped = $true changed = $false msg = "remote module does not support check mode" } } return $params } Function Get-FileChecksum($path, $algorithm = 'sha1') { <# .SYNOPSIS Helper function to calculate a hash of a file in a way which PowerShell 3 and above can handle #> If (Test-Path -Path $path -PathType Leaf) { switch ($algorithm) { 'md5' { $sp = New-Object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider } 'sha1' { $sp = New-Object -TypeName System.Security.Cryptography.SHA1CryptoServiceProvider } 'sha256' { $sp = New-Object -TypeName System.Security.Cryptography.SHA256CryptoServiceProvider } 'sha384' { $sp = New-Object -TypeName System.Security.Cryptography.SHA384CryptoServiceProvider } 'sha512' { $sp = New-Object -TypeName System.Security.Cryptography.SHA512CryptoServiceProvider } default { Fail-Json @{} "Unsupported hash algorithm supplied '$algorithm'" } } If ($PSVersionTable.PSVersion.Major -ge 4) { $raw_hash = Get-FileHash $path -Algorithm $algorithm $hash = $raw_hash.Hash.ToLower() } Else { $fp = [System.IO.File]::Open($path, [System.IO.Filemode]::Open, [System.IO.FileAccess]::Read, [System.IO.FileShare]::ReadWrite); $hash = [System.BitConverter]::ToString($sp.ComputeHash($fp)).Replace("-", "").ToLower(); $fp.Dispose(); } } ElseIf (Test-Path -Path $path -PathType Container) { $hash = "3"; } Else { $hash = "1"; } return $hash } Function Get-PendingRebootStatus { <# .SYNOPSIS Check if reboot is required, if so notify CA. Function returns true if computer has a pending reboot #> $featureData = Invoke-WmiMethod -EA Ignore -Name GetServerFeature -Namespace root\microsoft\windows\servermanager -Class MSFT_ServerManagerTasks $regData = Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager" "PendingFileRenameOperations" -EA Ignore $CBSRebootStatus = Get-ChildItem "HKLM:\\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing" -ErrorAction SilentlyContinue| Where-Object {$_.PSChildName -eq "RebootPending"} if(($featureData -and $featureData.RequiresReboot) -or $regData -or $CBSRebootStatus) { return $True } else { return $False } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: 008a31f0-a627-437d-9813-8ea5b3a35c2c Path:	4104	1		3	2	15	0	1111	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4500	3812	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:07 PM	1909dffc-a75a-0002-21ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } ScriptBlock ID: 76a230af-9fc3-4a80-bcb5-15f6ce5d6357 Path:	4104	1		3	2	15	0	1110	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4500	3812	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:06 PM	1909dffc-a75a-0002-12ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (3 of 3): CAgICAgICAnc2hhMScgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTFDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICAnc2hhMjU2JyB7ICRzcCA9IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5TZWN1cml0eS5DcnlwdG9ncmFwaHkuU0hBMjU2Q3J5cHRvU2VydmljZVByb3ZpZGVyIH0KICAgICAgICAgICAgJ3NoYTM4NCcgeyAkc3AgPSBOZXctT2JqZWN0IC1UeXBlTmFtZSBTeXN0ZW0uU2VjdXJpdHkuQ3J5cHRvZ3JhcGh5LlNIQTM4NENyeXB0b1NlcnZpY2VQcm92aWRlciB9CiAgICAgICAgICAgICdzaGE1MTInIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5TSEE1MTJDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgICAgICAgICBkZWZhdWx0IHsgRmFpbC1Kc29uIEB7fSAiVW5zdXBwb3J0ZWQgaGFzaCBhbGdvcml0aG0gc3VwcGxpZWQgJyRhbGdvcml0aG0nIiB9CiAgICAgICAgfQoKICAgICAgICBJZiAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtZ2UgNCkgewogICAgICAgICAgICAkcmF3X2hhc2ggPSBHZXQtRmlsZUhhc2ggJHBhdGggLUFsZ29yaXRobSAkYWxnb3JpdGhtCiAgICAgICAgICAgICRoYXNoID0gJHJhd19oYXNoLkhhc2guVG9Mb3dlcigpCiAgICAgICAgfSBFbHNlIHsKICAgICAgICAgICAgJGZwID0gW1N5c3RlbS5JTy5GaWxlXTo6T3BlbigkcGF0aCwgW1N5c3RlbS5JTy5GaWxlbW9kZV06Ok9wZW4sIFtTeXN0ZW0uSU8uRmlsZUFjY2Vzc106OlJlYWQsIFtTeXN0ZW0uSU8uRmlsZVNoYXJlXTo6UmVhZFdyaXRlKTsKICAgICAgICAgICAgJGhhc2ggPSBbU3lzdGVtLkJpdENvbnZlcnRlcl06OlRvU3RyaW5nKCRzcC5Db21wdXRlSGFzaCgkZnApKS5SZXBsYWNlKCItIiwgIiIpLlRvTG93ZXIoKTsKICAgICAgICAgICAgJGZwLkRpc3Bvc2UoKTsKICAgICAgICB9CiAgICB9CiAgICBFbHNlSWYgKFRlc3QtUGF0aCAtUGF0aCAkcGF0aCAtUGF0aFR5cGUgQ29udGFpbmVyKQogICAgewogICAgICAgICRoYXNoID0gIjMiOwogICAgfQogICAgRWxzZQogICAgewogICAgICAgICRoYXNoID0gIjEiOwogICAgfQogICAgcmV0dXJuICRoYXNoCn0KCkZ1bmN0aW9uIEdldC1QZW5kaW5nUmVib290U3RhdHVzCnsKPCMKICAgIC5TWU5PUFNJUwogICAgQ2hlY2sgaWYgcmVib290IGlzIHJlcXVpcmVkLCBpZiBzbyBub3RpZnkgQ0EuCiAgICBGdW5jdGlvbiByZXR1cm5zIHRydWUgaWYgY29tcHV0ZXIgaGFzIGEgcGVuZGluZyByZWJvb3QKIz4KICAgICRmZWF0dXJlRGF0YSA9IEludm9rZS1XbWlNZXRob2QgLUVBIElnbm9yZSAtTmFtZSBHZXRTZXJ2ZXJGZWF0dXJlIC1OYW1lc3BhY2Ugcm9vdFxtaWNyb3NvZnRcd2luZG93c1xzZXJ2ZXJtYW5hZ2VyIC1DbGFzcyBNU0ZUX1NlcnZlck1hbmFnZXJUYXNrcwogICAgJHJlZ0RhdGEgPSBHZXQtSXRlbVByb3BlcnR5ICJIS0xNOlxTWVNURU1cQ3VycmVudENvbnRyb2xTZXRcQ29udHJvbFxTZXNzaW9uIE1hbmFnZXIiICJQZW5kaW5nRmlsZVJlbmFtZU9wZXJhdGlvbnMiIC1FQSBJZ25vcmUKICAgICRDQlNSZWJvb3RTdGF0dXMgPSBHZXQtQ2hpbGRJdGVtICJIS0xNOlxcU09GVFdBUkVcTWljcm9zb2Z0XFdpbmRvd3NcQ3VycmVudFZlcnNpb25cQ29tcG9uZW50IEJhc2VkIFNlcnZpY2luZyIgIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlfCBXaGVyZS1PYmplY3QgeyRfLlBTQ2hpbGROYW1lIC1lcSAiUmVib290UGVuZGluZyJ9CiAgICBpZigoJGZlYXR1cmVEYXRhIC1hbmQgJGZlYXR1cmVEYXRhLlJlcXVpcmVzUmVib290KSAtb3IgJHJlZ0RhdGEgLW9yICRDQlNSZWJvb3RTdGF0dXMpCiAgICB7CiAgICAgICAgcmV0dXJuICRUcnVlCiAgICB9CiAgICBlbHNlCiAgICB7CiAgICAgICAgcmV0dXJuICRGYWxzZQogICAgfQp9CgojIHRoaXMgbGluZSBtdXN0IHN0YXkgYXQgdGhlIGJvdHRvbSB0byBlbnN1cmUgYWxsIGRlZmluZWQgbW9kdWxlIHBhcnRzIGFyZSBleHBvcnRlZApFeHBvcnQtTW9kdWxlTWVtYmVyIC1BbGlhcyAqIC1GdW5jdGlvbiAqIC1DbWRsZXQgKgoK", "Ansible.ModuleUtils.FileUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCjwjClRlc3QtUGF0aC9HZXQtSXRlbSBjYW5ub3QgZmluZC9yZXR1cm4gaW5mbyBvbiBmaWxlcyB0aGF0IGFyZSBsb2NrZWQgbGlrZQpDOlxwYWdlZmlsZS5zeXMuIFRoZXNlIDIgZnVuY3Rpb25zIGFyZSBkZXNpZ25lZCB0byB3b3JrIHdpdGggdGhlc2UgZmlsZXMgYW5kCnByb3ZpZGUgc2ltaWxhciBmdW5jdGlvbmFsaXR5IHdpdGggdGhlIG5vcm1hbCBjbWRsZXRzIHdpdGggYXMgbWluaW1hbCBvdmVyaGVhZAphcyBwb3NzaWJsZS4gVGhleSB3b3JrIGJ5IHVzaW5nIEdldC1DaGlsZEl0ZW0gd2l0aCBhIGZpbHRlciBhbmQgcmV0dXJuIHRoZQpyZXN1bHQgZnJvbSB0aGF0LgojPgoKRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIFRlc3QtUGF0aAogICAgdHJ5IHsKICAgICAgICAkZmlsZV9hdHRyaWJ1dGVzID0gW1N5c3RlbS5JTy5GaWxlXTo6R2V0QXR0cmlidXRlcygkUGF0aCkKICAgIH0gY2F0Y2ggW1N5c3RlbS5JTy5GaWxlTm90Rm91bmRFeGNlcHRpb25dLCBbU3lzdGVtLklPLkRpcmVjdG9yeU5vdEZvdW5kRXhjZXB0aW9uXSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfSBjYXRjaCBbTm90U3VwcG9ydGVkRXhjZXB0aW9uXSB7CiAgICAgICAgIyBXaGVuIHRlc3RpbmcgYSBwYXRoIGxpa2UgQ2VydDpcTG9jYWxNYWNoaW5lXE15LCBTeXN0ZW0uSU8uRmlsZSB3aWxsCiAgICAgICAgIyBub3Qgd29yaywgd2UganVzdCByZXZlcnQgYmFjayB0byB1c2luZyBUZXN0LVBhdGggZm9yIHRoaXMKICAgICAgICByZXR1cm4gVGVzdC1QYXRoIC1QYXRoICRQYXRoCiAgICB9CgogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHJldHVybiAkZmFsc2UKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICR0cnVlCiAgICB9Cn0KCkZ1bmN0aW9uIEdldC1BbnNpYmxlSXRlbSB7CiAgICBbQ21kbGV0QmluZGluZygpXQogICAgUGFyYW0oCiAgICAgICAgW1BhcmFtZXRlcihNYW5kYXRvcnk9JHRydWUpXVtzdHJpbmddJFBhdGgKICAgICkKICAgICMgUmVwbGFjZW1lbnQgZm9yIEdldC1JdGVtCiAgICB0cnkgewogICAgICAgICRmaWxlX2F0dHJpYnV0ZXMgPSBbU3lzdGVtLklPLkZpbGVdOjpHZXRBdHRyaWJ1dGVzKCRQYXRoKQogICAgfSBjYXRjaCB7CiAgICAgICAgIyBpZiAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb3RpbnVlIGlzIHNldCBvbiB0aGUgY21kbGV0IGFuZCB3ZSBmYWlsZWQgdG8KICAgICAgICAjIGdldCB0aGUgYXR0cmlidXRlcywganVzdCByZXR1cm4gJG51bGwsIG90aGVyd2lzZSB0aHJvdyB0aGUgZXJyb3IKICAgICAgICBpZiAoJEVycm9yQWN0aW9uUHJlZmVyZW5jZSAtbmUgIlNpbGVudGx5Q29udGludWUiKSB7CiAgICAgICAgICAgIHRocm93ICRfCiAgICAgICAgfQogICAgICAgIHJldHVybiAkbnVsbAogICAgfQogICAgaWYgKFtJbnQzMl0kZmlsZV9hdHRyaWJ1dGVzIC1lcSAtMSkgewogICAgICAgIHRocm93IE5ldy1PYmplY3QgLVR5cGVOYW1lIFN5c3RlbS5NYW5hZ2VtZW50LkF1dG9tYXRpb24uSXRlbU5vdEZvdW5kRXhjZXB0aW9uIC1Bcmd1bWVudExpc3QgIkNhbm5vdCBmaW5kIHBhdGggJyRQYXRoJyBiZWNhdXNlIGl0IGRvZXMgbm90IGV4aXN0LiIKICAgIH0gZWxzZWlmICgkZmlsZV9hdHRyaWJ1dGVzLkhhc0ZsYWcoW1N5c3RlbS5JTy5GaWxlQXR0cmlidXRlc106OkRpcmVjdG9yeSkpIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkRpcmVjdG9yeUluZm8gLUFyZ3VtZW50TGlzdCAkUGF0aAogICAgfSBlbHNlIHsKICAgICAgICByZXR1cm4gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLklPLkZpbGVJbmZvIC1Bcmd1bWVudExpc3QgJFBhdGgKICAgIH0KfQoKRXhwb3J0LU1vZHVsZU1lbWJlciAtRnVuY3Rpb24gVGVzdC1BbnNpYmxlUGF0aCwgR2V0LUFuc2libGVJdGVtCg=="}, "module_entry": "IyFwb3dlcnNoZWxsCgojIENvcHlyaWdodDogKGMpIDIwMTcsIEFuc2libGUgUHJvamVjdAojIEdOVSBHZW5lcmFsIFB1YmxpYyBMaWNlbnNlIHYzLjArIChzZWUgQ09QWUlORyBvciBodHRwczovL3d3dy5nbnUub3JnL2xpY2Vuc2VzL2dwbC0zLjAudHh0KQoKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5MZWdhY3kKI1JlcXVpcmVzIC1Nb2R1bGUgQW5zaWJsZS5Nb2R1bGVVdGlscy5Db21tYW5kVXRpbAojUmVxdWlyZXMgLU1vZHVsZSBBbnNpYmxlLk1vZHVsZVV0aWxzLkZpbGVVdGlsCgojIFRPRE86IGFkZCBjaGVjayBtb2RlIHN1cHBvcnQKClNldC1TdHJpY3RNb2RlIC1WZXJzaW9uIDIKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKIyBDbGVhbnNlIENMSVhNTCBmcm9tIHN0ZGVyciAoc2lmdCBvdXQgZXJyb3Igc3RyZWFtIGRhdGEsIGRpc2NhcmQgb3RoZXJzIGZvciBub3cpCkZ1bmN0aW9uIENsZWFuc2UtU3RkZXJyKCRyYXdfc3RkZXJyKSB7CiAgICBUcnkgewogICAgICAgICMgTkI6IHRoaXMgcmVnZXggaXNuJ3QgcGVyZmVjdCwgYnV0IGlzIGRlY2VudCBhdCBmaW5kaW5nIENMSVhNTCBhbW9uZ3N0IG90aGVyIHN0ZGVyciBub2lzZQogICAgICAgIElmKCRyYXdfc3RkZXJyIC1tYXRjaCAiKD9zKSg/PHByZW5vaXNlMT4uKikjPCBDTElYTUwoPzxwcmVub2lzZTI+LiopKD88Y2xpeG1sPjxPYmpzLis8L09ianM+KSg/PHBvc3Rub2lzZT4uKikiKSB7CiAgICAgICAgICAgICRjbGl4bWwgPSBbeG1sXSRtYXRjaGVzWyJjbGl4bWwiXQoKICAgICAgICAgICAgJG1lcmdlZF9zdGRlcnIgPSAiezB9ezF9ezJ9ezN9IiAtZiBAKAogICAgICAgICAgICAgICAkbWF0Y2hlc1sicHJlbm9pc2UxIl0sCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwcmVub2lzZTIiXSwKICAgICAgICAgICAgICAgIyBmaWx0ZXIgb3V0IGp1c3QgdGhlIEVycm9yLXRhZ2dlZCBzdHJpbmdzIGZvciBub3csIGFuZCB6YXAgZW1iZWRkZWQgQ1JMRiBjaGFycwogICAgICAgICAgICAgICAoJGNsaXhtbC5PYmpzLkNoaWxkTm9kZXMgfCA/IHsgJF8uTmFtZSAtZXEgJ1MnIH0gfCA/IHsgJF8uUyAtZXEgJ0Vycm9yJyB9IHwgJSB7ICRfLicjdGV4dCcuUmVwbGFjZSgnX3gwMDBEX194MDAwQV8nLCcnKSB9IHwgT3V0LVN0cmluZyksCiAgICAgICAgICAgICAgICRtYXRjaGVzWyJwb3N0bm9pc2UiXSkgfCBPdXQtU3RyaW5nCgogICAgICAgICAgICByZXR1cm4gJG1lcmdlZF9zdGRlcnIuVHJpbSgpCgogICAgICAgICAgICAjIEZVVFVSRTogcGFyc2UvcmV0dXJuIG90aGVyIHN0cmVhbXMKICAgICAgICB9CiAgICAgICAgRWxzZSB7CiAgICAgICAgICAgICRyYXdfc3RkZXJyCiAgICAgICAgfQogICAgfQogICAgQ2F0Y2ggewogICAgICAgICIqKipFWENFUFRJT04gUEFSU0lORyBDTElYTUw6ICRfKioqIiArICRyYXdfc3RkZXJyCiAgICB9Cn0KCiRwYXJhbXMgPSBQYXJzZS1BcmdzICRhcmdzIC1zdXBwb3J0c19jaGVja19tb2RlICRmYWxzZQoKJHJhd19jb21tYW5kX2xpbmUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX3Jhd19wYXJhbXMiIC10eXBlICJzdHIiIC1mYWlsaWZlbXB0eSAkdHJ1ZQokY2hkaXIgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY2hkaXIiIC10eXBlICJwYXRoIgokZXhlY3V0YWJsZSA9IEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJleGVjdXRhYmxlIiAtdHlwZSAicGF0aCIKJGNyZWF0ZXMgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiY3JlYXRlcyIgLXR5cGUgInBhdGgiCiRyZW1vdmVzID0gR2V0LUFuc2libGVQYXJhbSAtb2JqICRwYXJhbXMgLW5hbWUgInJlbW92ZXMiIC10eXBlICJwYXRoIgokc3RkaW4gPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAic3RkaW4iIC10eXBlICJzdHIiCgokcmF3X2NvbW1hbmRfbGluZSA9ICRyYXdfY29tbWFuZF9saW5lLlRyaW0oKQoKJHJlc3VsdCA9IEB7CiAgICBjaGFuZ2VkID0gJHRydWUKICAgIGNtZCA9ICRyYXdfY29tbWFuZF9saW5lCn0KCmlmICgkY3JlYXRlcyAtYW5kICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkY3JlYXRlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJGNyZWF0ZXMgZXhpc3RzIjtjbWQ9JHJhd19jb21tYW5kX2xpbmU7Y2hhbmdlZD0kZmFsc2U7c2tpcHBlZD0kdHJ1ZTtyYz0wfQp9CgppZiAoJHJlbW92ZXMgLWFuZCAtbm90ICQoVGVzdC1BbnNpYmxlUGF0aCAtUGF0aCAkcmVtb3ZlcykpIHsKICAgIEV4aXQtSnNvbiBAe21zZz0ic2tpcHBlZCwgc2luY2UgJHJlbW92ZXMgZG9lcyBub3QgZXhpc3QiO2NtZD0kcmF3X2NvbW1hbmRfbGluZTtjaGFuZ2VkPSRmYWxzZTtza2lwcGVkPSR0cnVlO3JjPTB9Cn0KCiRleGVjX2FyZ3MgPSAkbnVsbApJZigtbm90ICRleGVjdXRhYmxlIC1vciAkZXhlY3V0YWJsZSAtZXEgInBvd2Vyc2hlbGwiKSB7CiAgICAkZXhlY19hcHBsaWNhdGlvbiA9ICJwb3dlcnNoZWxsLmV4ZSIKCiAgICAjIGZvcmNlIGlucHV0IGVuY29kaW5nIHRvIHByZWFtYmxlLWZyZWUgVVRGOCBzbyBQUyBzdWItcHJvY2Vzc2VzIChlZywgU3RhcnQtSm9iKSBkb24ndCBibG93IHVwCiAgICAkcmF3X2NvbW1hbmRfbGluZSA9ICJbQ29uc29sZV06OklucHV0RW5jb2RpbmcgPSBOZXctT2JqZWN0IFRleHQuVVRGOEVuY29kaW5nIGAkZmFsc2U7ICIgKyAkcmF3X2NvbW1hbmRfbGluZQoKICAgICMgQmFzZTY0IGVuY29kZSB0aGUgY29tbWFuZCBzbyB3ZSBkb24ndCBoYXZlIHRvIHdvcnJ5IGFib3V0IHRoZSB2YXJpb3VzIGxldmVscyBvZiBlc2NhcGluZwogICAgJGVuY29kZWRfY29tbWFuZCA9IFtDb252ZXJ0XTo6VG9CYXNlNjRTdHJpbmcoW1N5c3RlbS5UZXh0LkVuY29kaW5nXTo6VW5pY29kZS5HZXRCeXRlcygkcmF3X2NvbW1hbmRfbGluZSkpCgogICAgaWYgKCRzdGRpbikgewogICAgICAgICRleGVjX2FyZ3MgPSAiLWVuY29kZWRjb21tYW5kICRlbmNvZGVkX2NvbW1hbmQiCiAgICB9IGVsc2UgewogICAgICAgICRleGVjX2FyZ3MgPSAiLW5vbmludGVyYWN0aXZlIC1lbmNvZGVkY29tbWFuZCAkZW5jb2RlZF9jb21tYW5kIgogICAgfQp9CkVsc2UgewogICAgIyBGVVRVUkU6IHN1cHBvcnQgYXJnIHRyYW5zbGF0aW9uIGZyb20gZXhlY3V0YWJsZSAob3IgZXhlY3V0YWJsZV9hcmdzPykgdG8gcHJvY2VzcyBhcmd1bWVudHMgZm9yIGFyYml0cmFyeSBpbnRlcnByZXRlcj8KICAgICRleGVjX2FwcGxpY2F0aW9uID0gJGV4ZWN1dGFibGUKICAgIGlmICgtbm90ICgkZXhlY19hcHBsaWNhdGlvbi5FbmRzV2l0aCgiLmV4ZSIpKSkgewogICAgICAgICRleGVjX2FwcGxpY2F0aW9uID0gIiQoJGV4ZWNfYXBwbGljYXRpb24pLmV4ZSIKICAgIH0KICAgICRleGVjX2FyZ3MgPSAiL2MgJHJhd19jb21tYW5kX2xpbmUiCn0KCiRjb21tYW5kID0gIiRleGVjX2FwcGxpY2F0aW9uICRleGVjX2FyZ3MiCiRydW5fY29tbWFuZF9hcmcgPSBAewogICAgY29tbWFuZCA9ICRjb21tYW5kCn0KaWYgKCRjaGRpcikgewogICAgJHJ1bl9jb21tYW5kX2FyZ1snd29ya2luZ19kaXJlY3RvcnknXSA9ICRjaGRpcgp9CmlmICgkc3RkaW4pIHsKICAgICRydW5fY29tbWFuZF9hcmdbJ3N0ZGluJ10gPSAkc3RkaW4KfQoKJHN0YXJ0X2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CnRyeSB7CiAgICAkY29tbWFuZF9yZXN1bHQgPSBSdW4tQ29tbWFuZCBAcnVuX2NvbW1hbmRfYXJnCn0gY2F0Y2ggewogICAgJHJlc3VsdC5jaGFuZ2VkID0gJGZhbHNlCiAgICB0cnkgewogICAgICAgICRyZXN1bHQucmMgPSAkXy5FeGNlcHRpb24uTmF0aXZlRXJyb3JDb2RlCiAgICB9IGNhdGNoIHsKICAgICAgICAkcmVzdWx0LnJjID0gMgogICAgfQogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAkXy5FeGNlcHRpb24uTWVzc2FnZQp9CgojIFRPRE86IGRlY29kZSBDTElYTUwgc3RkZXJyIG91dHB1dCAoYW5kIG90aGVyIHN0cmVhbXM/KQokcmVzdWx0LnN0ZG91dCA9ICRjb21tYW5kX3Jlc3VsdC5zdGRvdXQKJHJlc3VsdC5zdGRlcnIgPSBDbGVhbnNlLVN0ZGVyciAkY29tbWFuZF9yZXN1bHQuc3RkZXJyIAokcmVzdWx0LnJjID0gJGNvbW1hbmRfcmVzdWx0LnJjCgokZW5kX2RhdGV0aW1lID0gW0RhdGVUaW1lXTo6VXRjTm93CiRyZXN1bHQuc3RhcnQgPSAkc3RhcnRfZGF0ZXRpbWUuVG9TdHJpbmcoInl5eXktTU0tZGQgaGg6bW06c3MuZmZmZmZmIikKJHJlc3VsdC5lbmQgPSAkZW5kX2RhdGV0aW1lLlRvU3RyaW5nKCJ5eXl5LU1NLWRkIGhoOm1tOnNzLmZmZmZmZiIpCiRyZXN1bHQuZGVsdGEgPSAkKCRlbmRfZGF0ZXRpbWUgLSAkc3RhcnRfZGF0ZXRpbWUpLlRvU3RyaW5nKCJoXDptbVw6c3NcLmZmZmZmZiIpCgpJZiAoJHJlc3VsdC5yYyAtbmUgMCkgewogICAgRmFpbC1Kc29uIC1vYmogJHJlc3VsdCAtbWVzc2FnZSAibm9uLXplcm8gcmV0dXJuIGNvZGUiCn0KCkV4aXQtSnNvbiAkcmVzdWx0Cg==", "module_args": {"_ansible_version": "2.7.0", "_ansible_selinux_special_fs": ["fuse", "nfs", "vboxsf", "ramfs", "9p"], "_ansible_no_log": false, "_ansible_module_name": "win_shell", "_raw_params": "Select-String -path c:\\openstack\\build\\requirements\\\\setup.cfg -pattern \"^name.*=.*\" | % {$_.matches.value.split(\"=\")[1].trim()}", "_ansible_verbosity": 4, "_ansible_keep_remote_files": false, "_ansible_syslog_facility": "LOG_USER", "_ansible_socket": null, "_ansible_remote_tmp": "%TEMP%", "_ansible_diff": false, "_ansible_debug": false, "_ansible_shell_executable": "/bin/sh", "_ansible_check_mode": false, "_ansible_tmpdir": null}} '@ } process { $input_as_string = [string]$input $json_raw += $input_as_string } end { If (-not $json_raw) { Write-Error "no input given" -Category InvalidArgument } $payload = ConvertTo-HashtableFromPsCustomObject (ConvertFrom-Json $json_raw) # TODO: handle binary modules # TODO: handle persistence $min_os_version = [version]$payload.min_os_version if ($min_os_version -ne $null) { $actual_os_version = [System.Environment]::OSVersion.Version if ($actual_os_version -lt $min_os_version) { $msg = "This module cannot run on this OS as it requires a minimum version of $min_os_version, actual was $actual_os_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $min_ps_version = [version]$payload.min_ps_version if ($min_ps_version -ne $null) { $actual_ps_version = $PSVersionTable.PSVersion if ($actual_ps_version -lt $min_ps_version) { $msg = "This module cannot run as it requires a minimum PowerShell version of $min_ps_version, actual was $actual_ps_version" Write-Output (ConvertTo-Json @{failed=$true;msg=$msg}) exit 1 } } $actions = $payload.actions # pop 0th action as entrypoint $entrypoint = $payload.($actions[0]) $payload.actions = $payload.actions[1..99] $entrypoint = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($entrypoint)) # load the current action entrypoint as a module custom object with a Run method $entrypoint = New-Module -ScriptBlock ([scriptblock]::Create($entrypoint)) -AsCustomObject Set-Variable -Scope global -Name complex_args -Value $payload["module_args"] | Out-Null # dynamically create/load modules ForEach ($mod in $payload.powershell_modules.GetEnumerator()) { $decoded_module = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($mod.Value)) New-Module -ScriptBlock ([scriptblock]::Create($decoded_module)) -Name $mod.Key | Import-Module -WarningAction SilentlyContinue | Out-Null } $output = $entrypoint.Run($payload) Write-Output $output } ScriptBlock ID: f145171b-ab1f-4a7f-89b6-d6612b94fda4 Path:	4104	1		3	2	15	0	1109	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4500	3812	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:06 PM	1909dffc-a75a-0002-0dea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (2 of 3): gfSk7CiAgICAgICAgICAgIGZvcmVhY2ggKHZhciB3aCBpbiBuZXcgV2FpdEhhbmRsZVtdIHsgc293YWl0LCBzZXdhaXQgfSkKICAgICAgICAgICAgICAgIHdoLldhaXRPbmUoKTsKICAgICAgICAgICAgc3Rkb3V0ID0gc287CiAgICAgICAgICAgIHN0ZGVyciA9IHNlOwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdWludCBHZXRQcm9jZXNzRXhpdENvZGUoSW50UHRyIHByb2Nlc3NIYW5kbGUpCiAgICAgICAgewogICAgICAgICAgICBuZXcgTmF0aXZlV2FpdEhhbmRsZShwcm9jZXNzSGFuZGxlKS5XYWl0T25lKCk7CiAgICAgICAgICAgIHVpbnQgZXhpdENvZGU7CiAgICAgICAgICAgIGlmICghR2V0RXhpdENvZGVQcm9jZXNzKHByb2Nlc3NIYW5kbGUsIG91dCBleGl0Q29kZSkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIGdldHRpbmcgcHJvY2VzcyBleGl0IGNvZGUiKTsKICAgICAgICAgICAgcmV0dXJuIGV4aXRDb2RlOwogICAgICAgIH0KICAgIH0KfQoiQAoKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICdTdG9wJwoKRnVuY3Rpb24gTG9hZC1Db21tYW5kVXRpbHMgewogICAgIyBtYWtlcyB0aGUgZm9sbG93aW5nIHN0YXRpYyBmdW5jdGlvbnMgYXZhaWxhYmxlCiAgICAjICAgW0Fuc2libGUuQ29tbWFuZFV0aWxdOjpQYXJzZUNvbW1hbmRMaW5lKHN0cmluZyBscENvbW1hbmRMaW5lKQogICAgIyAgIFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aChzdHJpbmcgbHBGaWxlTmFtZSkKICAgICMgICBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIHN0cmluZyBlbnZpcm9ubWVudEJsb2NrKQogICAgIwogICAgIyB0aGVyZSBhcmUgYWxzbyBudW1lcm91cyBQL0ludm9rZSBtZXRob2RzIHRoYXQgY2FuIGJlIGNhbGxlZCBpZiB5b3UgYXJlIGZlZWxpbmcgYWR2ZW50dXJvdXMKCiAgICAjIEZVVFVSRTogZmluZCBhIGJldHRlciB3YXkgdG8gZ2V0IHRoZSBfYW5zaWJsZV9yZW1vdGVfdG1wIHZhcmlhYmxlCiAgICAkb3JpZ2luYWxfdG1wID0gJGVudjpUTVAKCiAgICAkcmVtb3RlX3RtcCA9ICRvcmlnaW5hbF90bXAKICAgICRtb2R1bGVfcGFyYW1zID0gR2V0LVZhcmlhYmxlIC1OYW1lIGNvbXBsZXhfYXJncyAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgaWYgKCRtb2R1bGVfcGFyYW1zKSB7CiAgICAgICAgaWYgKCRtb2R1bGVfcGFyYW1zLlZhbHVlLkNvbnRhaW5zS2V5KCJfYW5zaWJsZV9yZW1vdGVfdG1wIikgKSB7CiAgICAgICAgICAgICRyZW1vdGVfdG1wID0gJG1vZHVsZV9wYXJhbXMuVmFsdWVbIl9hbnNpYmxlX3JlbW90ZV90bXAiXQogICAgICAgICAgICAkcmVtb3RlX3RtcCA9IFtTeXN0ZW0uRW52aXJvbm1lbnRdOjpFeHBhbmRFbnZpcm9ubWVudFZhcmlhYmxlcygkcmVtb3RlX3RtcCkKICAgICAgICB9CiAgICB9CgogICAgJGVudjpUTVAgPSAkcmVtb3RlX3RtcAogICAgQWRkLVR5cGUgLVR5cGVEZWZpbml0aW9uICRwcm9jZXNzX3V0aWwKICAgICRlbnY6VE1QID0gJG9yaWdpbmFsX3RtcAp9CgpGdW5jdGlvbiBHZXQtRXhlY3V0YWJsZVBhdGgoJGV4ZWN1dGFibGUsICRkaXJlY3RvcnkpIHsKICAgICMgbHBBcHBsaWNhdGlvbk5hbWUgcmVxdWlyZXMgdGhlIGZ1bGwgcGF0aCB0byBhIGZpbGUsIHdlIG5lZWQgdG8gZmluZCBpdAogICAgIyBvdXJzZWx2ZXMuCgogICAgIyB3ZSBuZWVkIHRvIGFkZCAuZXhlIGlmIGl0IGRvZXNuJ3QgaGF2ZSBhbiBleHRlbnNpb24gYWxyZWFkeQogICAgaWYgKC1ub3QgW1N5c3RlbS5JTy5QYXRoXTo6SGFzRXh0ZW5zaW9uKCRleGVjdXRhYmxlKSkgewogICAgICAgICRleGVjdXRhYmxlID0gIiQoJGV4ZWN1dGFibGUpLmV4ZSIKICAgIH0KICAgICRmdWxsX3BhdGggPSBbU3lzdGVtLklPLlBhdGhdOjpHZXRGdWxsUGF0aCgkZXhlY3V0YWJsZSkKCiAgICBpZiAoJGZ1bGxfcGF0aCAtbmUgJGV4ZWN1dGFibGUgLWFuZCAkZGlyZWN0b3J5IC1uZSAkbnVsbCkgewogICAgICAgICRmaWxlID0gR2V0LUl0ZW0gLVBhdGggIiRkaXJlY3RvcnlcJGV4ZWN1dGFibGUiIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfSBlbHNlIHsKICAgICAgICAkZmlsZSA9IEdldC1JdGVtIC1QYXRoICRleGVjdXRhYmxlIC1Gb3JjZSAtRXJyb3JBY3Rpb24gU2lsZW50bHlDb250aW51ZQogICAgfQoKICAgIGlmICgkZmlsZSAtbmUgJG51bGwpIHsKICAgICAgICAkZXhlY3V0YWJsZV9wYXRoID0gJGZpbGUuRnVsbE5hbWUKICAgIH0gZWxzZSB7CiAgICAgICAgJGV4ZWN1dGFibGVfcGF0aCA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6U2VhcmNoUGF0aCgkZXhlY3V0YWJsZSkgICAgCiAgICB9CiAgICByZXR1cm4gJGV4ZWN1dGFibGVfcGF0aAp9CgpGdW5jdGlvbiBSdW4tQ29tbWFuZCB7CiAgICBQYXJhbSgKICAgICAgICBbc3RyaW5nXSRjb21tYW5kLCAjIHRoZSBmdWxsIGNvbW1hbmQgdG8gcnVuIGluY2x1ZGluZyB0aGUgZXhlY3V0YWJsZQogICAgICAgIFtzdHJpbmddJHdvcmtpbmdfZGlyZWN0b3J5ID0gJG51bGwsICMgdGhlIHdvcmtpbmcgZGlyZWN0b3J5IHRvIHJ1biB1bmRlciwgd2lsbCBkZWZhdWx0IHRvIHRoZSBjdXJyZW50IGRpcgogICAgICAgIFtzdHJpbmddJHN0ZGluID0gJG51bGwsICMgYSBzdHJpbmcgdG8gc2VuZCB0byB0aGUgc3RkaW4gcGlwZSB3aGVuIGV4ZWN1dGluZyB0aGUgY29tbWFuZAogICAgICAgIFtoYXNodGFibGVdJGVudmlyb25tZW50ID0gQHt9ICMgYSBoYXNodGFibGUgb2YgZW52aXJvbm1lbnQgdmFsdWVzIHRvIHJ1biB0aGUgY29tbWFuZCB1bmRlciwgdGhpcyB3aWxsIHJlcGxhY2UgYWxsIHRoZSBvdGhlciBlbnZpcm9ubWVudCB2YXJpYWJsZXMgd2l0aCB0aGVzZQogICAgKQogICAgCiAgICAjIGxvYWQgdGhlIEMjIGNvZGUgd2UgY2FsbCBpbiB0aGlzIGZ1bmN0aW9uCiAgICBMb2FkLUNvbW1hbmRVdGlscwoKICAgICMgbmVlZCB0byB2YWxpZGF0ZSB0aGUgd29ya2luZyBkaXJlY3RvcnkgaWYgaXQgaXMgc2V0CiAgICBpZiAoJHdvcmtpbmdfZGlyZWN0b3J5KSB7CiAgICAgICAgIyB2YWxpZGF0ZSB3b3JraW5nIGRpcmVjdG9yeSBpcyBhIHZhbGlkIHBhdGgKICAgICAgICBpZiAoLW5vdCAoVGVzdC1QYXRoIC1QYXRoICR3b3JraW5nX2RpcmVjdG9yeSkpIHsKICAgICAgICAgICAgdGhyb3cgImludmFsaWQgd29ya2luZyBkaXJlY3RvcnkgcGF0aCAnJHdvcmtpbmdfZGlyZWN0b3J5JyIKICAgICAgICB9CiAgICB9CgogICAgIyBscEFwcGxpY2F0aW9uTmFtZSBuZWVkcyB0byBiZSB0aGUgZnVsbCBwYXRoIHRvIGFuIGV4ZWN1dGFibGUsIHdlIGRvIHRoaXMKICAgICMgYnkgZ2V0dGluZyB0aGUgZXhlY3V0YWJsZSBhcyB0aGUgZmlyc3QgYXJnIGFuZCB0aGVuIGdldHRpbmcgdGhlIGZ1bGwgcGF0aAogICAgJGFyZ3VtZW50cyA9IFtBbnNpYmxlLkNvbW1hbmRVdGlsXTo6UGFyc2VDb21tYW5kTGluZSgkY29tbWFuZCkKICAgICRleGVjdXRhYmxlID0gR2V0LUV4ZWN1dGFibGVQYXRoIC1leGVjdXRhYmxlICRhcmd1bWVudHNbMF0gLWRpcmVjdG9yeSAkd29ya2luZ19kaXJlY3RvcnkKCiAgICAjIHJ1biB0aGUgY29tbWFuZCBhbmQgZ2V0IHRoZSByZXN1bHRzCiAgICAkY29tbWFuZF9yZXN1bHQgPSBbQW5zaWJsZS5Db21tYW5kVXRpbF06OlJ1bkNvbW1hbmQoJGV4ZWN1dGFibGUsICRjb21tYW5kLCAkd29ya2luZ19kaXJlY3RvcnksICRzdGRpbiwgJGVudmlyb25tZW50KQoKICAgIHJldHVybiAsQHsKICAgICAgICBleGVjdXRhYmxlID0gJGV4ZWN1dGFibGUKICAgICAgICBzdGRvdXQgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRPdXQKICAgICAgICBzdGRlcnIgPSAkY29tbWFuZF9yZXN1bHQuU3RhbmRhcmRFcnJvcgogICAgICAgIHJjID0gJGNvbW1hbmRfcmVzdWx0LkV4aXRDb2RlCiAgICB9Cn0KCiMgdGhpcyBsaW5lIG11c3Qgc3RheSBhdCB0aGUgYm90dG9tIHRvIGVuc3VyZSBhbGwgZGVmaW5lZCBtb2R1bGUgcGFydHMgYXJlIGV4cG9ydGVkCkV4cG9ydC1Nb2R1bGVNZW1iZXIgLUFsaWFzICogLUZ1bmN0aW9uICogLUNtZGxldCAqCg==", "Ansible.ModuleUtils.Legacy": "IyBDb3B5cmlnaHQgKGMpLCBNaWNoYWVsIERlSGFhbiA8bWljaGFlbC5kZWhhYW5AZ21haWwuY29tPiwgMjAxNCwgYW5kIG90aGVycwojIFNpbXBsaWZpZWQgQlNEIExpY2Vuc2UgKHNlZSBsaWNlbnNlcy9zaW1wbGlmaWVkX2JzZC50eHQgb3IgaHR0cHM6Ly9vcGVuc291cmNlLm9yZy9saWNlbnNlcy9CU0QtMi1DbGF1c2UpCgpTZXQtU3RyaWN0TW9kZSAtVmVyc2lvbiAyLjAKJEVycm9yQWN0aW9uUHJlZmVyZW5jZSA9ICJTdG9wIgoKRnVuY3Rpb24gU2V0LUF0dHIoJG9iaiwgJG5hbWUsICR2YWx1ZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gc2V0IGFuICJhdHRyaWJ1dGUiIG9uIGEgcHNvYmplY3QgaW5zdGFuY2UgaW4gUG93ZXJTaGVsbC4KICAgIFRoaXMgaXMgYSBjb252ZW5pZW5jZSB0byBtYWtlIGFkZGluZyBNZW1iZXJzIHRvIHRoZSBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgIFNldC1BdHRyICRyZXN1bHQgImNoYW5nZWQiICR0cnVlCiM+CgogICAgIyBJZiB0aGUgcHJvdmlkZWQgJG9iaiBpcyB1bmRlZmluZWQsIGRlZmluZSBvbmUgdG8gYmUgbmljZQogICAgSWYgKC1ub3QgJG9iai5HZXRUeXBlKQogICAgewogICAgICAgICRvYmogPSBAeyB9CiAgICB9CgogICAgVHJ5CiAgICB7CiAgICAgICAgJG9iai4kbmFtZSA9ICR2YWx1ZQogICAgfQogICAgQ2F0Y2gKICAgIHsKICAgICAgICAkb2JqIHwgQWRkLU1lbWJlciAtRm9yY2UgLU1lbWJlclR5cGUgTm90ZVByb3BlcnR5IC1OYW1lICRuYW1lIC1WYWx1ZSAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gRXhpdC1Kc29uKCRvYmopCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGNvbnZlcnQgYSBQb3dlclNoZWxsIG9iamVjdCB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcKICAgIHRoZSBzY3JpcHQKICAgIC5FWEFNUExFCiAgICBFeGl0LUpzb24gJHJlc3VsdAojPgoKICAgICMgSWYgdGhlIHByb3ZpZGVkICRvYmogaXMgdW5kZWZpbmVkLCBkZWZpbmUgb25lIHRvIGJlIG5pY2UKICAgIElmICgtbm90ICRvYmouR2V0VHlwZSkKICAgIHsKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoJ2NoYW5nZWQnKSkgewogICAgICAgIFNldC1BdHRyICRvYmogImNoYW5nZWQiICRmYWxzZQogICAgfQoKICAgIFdyaXRlLU91dHB1dCAkb2JqIHwgQ29udmVydFRvLUpzb24gLUNvbXByZXNzIC1EZXB0aCA5OQogICAgRXhpdAp9CgpGdW5jdGlvbiBGYWlsLUpzb24oJG9iaiwgJG1lc3NhZ2UgPSAkbnVsbCkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHRoZSAibXNnIiBwcm9wZXJ0eSBhbmQgImZhaWxlZCIgcHJvcGVydHksIGNvbnZlcnQgdGhlCiAgICBQb3dlclNoZWxsIEhhc2h0YWJsZSB0byBKU09OIGFuZCBvdXRwdXQgaXQsIGV4aXRpbmcgdGhlIHNjcmlwdAogICAgLkVYQU1QTEUKICAgIEZhaWwtSnNvbiAkcmVzdWx0ICJUaGlzIGlzIHRoZSBmYWlsdXJlIG1lc3NhZ2UiCiM+CgogICAgaWYgKCRvYmogLWlzIFtoYXNodGFibGVdIC1vciAkb2JqIC1pcyBbcHNvYmplY3RdKSB7CiAgICAgICAgIyBOb3RoaW5nIHRvIGRvCiAgICB9IGVsc2VpZiAoJG9iaiAtaXMgW3N0cmluZ10gLWFuZCAkbnVsbCAtZXEgJG1lc3NhZ2UpIHsKICAgICAgICAjIElmIHdlIHdlcmVuJ3QgZ2l2ZW4gMiBhcmdzLCBhbmQgdGhlIG9ubHkgYXJnIHdhcyBhIHN0cmluZywKICAgICAgICAjIGNyZWF0ZSBhIG5ldyBIYXNodGFibGUgYW5kIHVzZSB0aGUgYXJnIGFzIHRoZSBmYWlsdXJlIG1lc3NhZ2UKICAgICAgICAkbWVzc2FnZSA9ICRvYmoKICAgICAgICAkb2JqID0gQHsgfQogICAgfSBlbHNlIHsKICAgICAgICAjIElmIHRoZSBmaXJzdCBhcmd1bWVudCBpcyB1bmRlZmluZWQgb3IgYSBkaWZmZXJlbnQgdHlwZSwKICAgICAgICAjIG1ha2UgaXQgYSBIYXNodGFibGUKICAgICAgICAkb2JqID0gQHsgfQogICAgfQoKICAgICMgU3RpbGwgdXNpbmcgU2V0LUF0dHIgZm9yIFBTT2JqZWN0IGNvbXBhdGliaWxpdHkKICAgIFNldC1BdHRyICRvYmogIm1zZyIgJG1lc3NhZ2UKICAgIFNldC1BdHRyICRvYmogImZhaWxlZCIgJHRydWUKCiAgICBpZiAoLW5vdCAkb2JqLkNvbnRhaW5zS2V5KCdjaGFuZ2VkJykpIHsKICAgICAgICBTZXQtQXR0ciAkb2JqICJjaGFuZ2VkIiAkZmFsc2UKICAgIH0KCiAgICBXcml0ZS1PdXRwdXQgJG9iaiB8IENvbnZlcnRUby1Kc29uIC1Db21wcmVzcyAtRGVwdGggOTkKICAgIEV4aXQgMQp9CgpGdW5jdGlvbiBBZGQtV2FybmluZygkb2JqLCAkbWVzc2FnZSkKewo8IwogICAgLlNZTk9QU0lTCiAgICBIZWxwZXIgZnVuY3Rpb24gdG8gYWRkIHdhcm5pbmdzLCBldmVuIGlmIHRoZSB3YXJuaW5ncyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgoKICAgIGlmICgtbm90ICRvYmouQ29udGFpbnNLZXkoIndhcm5pbmdzIikpIHsKICAgICAgICAkb2JqLndhcm5pbmdzID0gQCgpCiAgICB9IGVsc2VpZiAoJG9iai53YXJuaW5ncyAtaXNub3QgW2FycmF5XSkgewogICAgICAgIHRocm93ICJBZGQtV2FybmluZzogd2FybmluZ3MgYXR0cmlidXRlIGlzIG5vdCBhbiBhcnJheSIKICAgIH0KCiAgICAkb2JqLndhcm5pbmdzICs9ICRtZXNzYWdlCn0KCkZ1bmN0aW9uIEFkZC1EZXByZWNhdGlvbldhcm5pbmcoJG9iaiwgJG1lc3NhZ2UsICR2ZXJzaW9uID0gJG51bGwpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGFkZCBkZXByZWNhdGlvbnMsIGV2ZW4gaWYgdGhlIGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgd2FzCiAgICBub3QgYWxyZWFkeSBzZXQgdXAuIFRoaXMgaXMgYSBjb252ZW5pZW5jZSBmb3IgdGhlIG1vZHVsZSBkZXZlbG9wZXIKICAgIHNvIHRoZXkgZG8gbm90IGhhdmUgdG8gY2hlY2sgZm9yIHRoZSBhdHRyaWJ1dGUgcHJpb3IgdG8gYWRkaW5nLgojPgogICAgaWYgKC1ub3QgJG9iai5Db250YWluc0tleSgiZGVwcmVjYXRpb25zIikpIHsKICAgICAgICAkb2JqLmRlcHJlY2F0aW9ucyA9IEAoKQogICAgfSBlbHNlaWYgKCRvYmouZGVwcmVjYXRpb25zIC1pc25vdCBbYXJyYXldKSB7CiAgICAgICAgdGhyb3cgIkFkZC1EZXByZWNhdGlvbldhcm5pbmc6IGRlcHJlY2F0aW9ucyBhdHRyaWJ1dGUgaXMgbm90IGEgbGlzdCIKICAgIH0KCiAgICAkb2JqLmRlcHJlY2F0aW9ucyArPSBAewogICAgICAgIG1zZyA9ICRtZXNzYWdlCiAgICAgICAgdmVyc2lvbiA9ICR2ZXJzaW9uCiAgICB9Cn0KCkZ1bmN0aW9uIEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZ1bmN0aW9uIHRvIGV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgaW4gdmFsdWVzLiBCeSBkZWZhdWx0CiAgICBpdCB0dXJucyBhbnkgdHlwZSB0byBhIHN0cmluZywgYnV0IHdlIGVuc3VyZSAkbnVsbCByZW1haW5zICRudWxsLgojPgogICAgaWYgKCRudWxsIC1uZSAkdmFsdWUpIHsKICAgICAgICBbU3lzdGVtLkVudmlyb25tZW50XTo6RXhwYW5kRW52aXJvbm1lbnRWYXJpYWJsZXMoJHZhbHVlKQogICAgfSBlbHNlIHsKICAgICAgICAkdmFsdWUKICAgIH0KfQoKRnVuY3Rpb24gR2V0LUFuc2libGVQYXJhbSgkb2JqLCAkbmFtZSwgJGRlZmF1bHQgPSAkbnVsbCwgJHJlc3VsdG9iaiA9IEB7fSwgJGZhaWxpZmVtcHR5ID0gJGZhbHNlLCAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSwgJFZhbGlkYXRlU2V0LCAkVmFsaWRhdGVTZXRFcnJvck1lc3NhZ2UsICR0eXBlID0gJG51bGwsICRhbGlhc2VzID0gQCgpKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBnZXQgYW4gImF0dHJpYnV0ZSIgZnJvbSBhIHBzb2JqZWN0IGluc3RhbmNlIGluIFBvd2VyU2hlbGwuCiAgICBUaGlzIGlzIGEgY29udmVuaWVuY2UgdG8gbWFrZSBnZXR0aW5nIE1lbWJlcnMgZnJvbSBhbiBvYmplY3QgZWFzaWVyIGFuZAogICAgc2xpZ2h0bHkgbW9yZSBweXRob25pYwogICAgLkVYQU1QTEUKICAgICRhdHRyID0gR2V0LUFuc2libGVQYXJhbSAkcmVzcG9uc2UgImNvZGUiIC1kZWZhdWx0ICIxIgogICAgLkVYQU1QTEUKICAgIEdldC1BbnNpYmxlUGFyYW0gLW9iaiAkcGFyYW1zIC1uYW1lICJTdGF0ZSIgLWRlZmF1bHQgIlByZXNlbnQiIC1WYWxpZGF0ZVNldCAiUHJlc2VudCIsIkFic2VudCIgLXJlc3VsdG9iaiAkcmVzdWx0b2JqIC1mYWlsaWZlbXB0eSAkdHJ1ZQogICAgR2V0LUFuc2libGVQYXJhbSBhbHNvIHN1cHBvcnRzIFBhcmFtZXRlciB2YWxpZGF0aW9uIHRvIHNhdmUgeW91IGZyb20gY29kaW5nIHRoYXQgbWFudWFsbHkKICAgIE5vdGUgdGhhdCBpZiB5b3UgdXNlIHRoZSBmYWlsaWZlbXB0eSBvcHRpb24sIHlvdSBkbyBuZWVkIHRvIHNwZWNpZnkgcmVzdWx0b2JqZWN0IGFzIHdlbGwuCiM+CiAgICAjIENoZWNrIGlmIHRoZSBwcm92aWRlZCBNZW1iZXIgJG5hbWUgb3IgYWxpYXNlcyBleGlzdCBpbiAkb2JqIGFuZCByZXR1cm4gaXQgb3IgdGhlIGRlZmF1bHQuCiAgICB0cnkgewoKICAgICAgICAkZm91bmQgPSAkbnVsbAogICAgICAgICMgRmlyc3QgdHJ5IHRvIGZpbmQgcHJlZmVycmVkIHBhcmFtZXRlciAkbmFtZQogICAgICAgICRhbGlhc2VzID0gQCgkbmFtZSkgKyAkYWxpYXNlcwoKICAgICAgICAjIEl0ZXJhdGUgb3ZlciBhbGlhc2VzIHRvIGZpbmQgYWNjZXB0YWJsZSBNZW1iZXIgJG5hbWUKICAgICAgICBmb3JlYWNoICgkYWxpYXMgaW4gJGFsaWFzZXMpIHsKICAgICAgICAgICAgaWYgKCRvYmouQ29udGFpbnNLZXkoJGFsaWFzKSkgewogICAgICAgICAgICAgICAgJGZvdW5kID0gJGFsaWFzCiAgICAgICAgICAgICAgICBicmVhawogICAgICAgICAgICB9CiAgICAgICAgfQoKICAgICAgICBpZiAoJG51bGwgLWVxICRmb3VuZCkgewogICAgICAgICAgICB0aHJvdwogICAgICAgIH0KICAgICAgICAkbmFtZSA9ICRmb3VuZAoKICAgICAgICBpZiAoJFZhbGlkYXRlU2V0KSB7CgogICAgICAgICAgICBpZiAoJFZhbGlkYXRlU2V0IC1jb250YWlucyAoJG9iai4kbmFtZSkpIHsKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICRvYmouJG5hbWUKICAgICAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgICAgIGlmICgkbnVsbCAtZXEgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAgICAgI0F1dG8tZ2VuZXJhdGVkIGVycm9yIHNob3VsZCBiZSBzdWZmaWNpZW50IGluIG1vc3QgdXNlIGNhc2VzCiAgICAgICAgICAgICAgICAgICAgJFZhbGlkYXRlU2V0RXJyb3JNZXNzYWdlID0gIkdldC1BbnNpYmxlUGFyYW06IEFyZ3VtZW50ICRuYW1lIG5lZWRzIHRvIGJlIG9uZSBvZiAkKCRWYWxpZGF0ZVNldCAtam9pbiAiLCIpIGJ1dCB3YXMgJCgkb2JqLiRuYW1lKS4iCiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRWYWxpZGF0ZVNldEVycm9yTWVzc2FnZQogICAgICAgICAgICB9CiAgICAgICAgfSBlbHNlIHsKICAgICAgICAgICAgJHZhbHVlID0gJG9iai4kbmFtZQogICAgICAgIH0KICAgIH0gY2F0Y2ggewogICAgICAgIGlmICgkZmFpbGlmZW1wdHkgLWVxICRmYWxzZSkgewogICAgICAgICAgICAkdmFsdWUgPSAkZGVmYXVsdAogICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgIGlmICgtbm90ICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlKSB7CiAgICAgICAgICAgICAgICAkZW1wdHlhdHRyaWJ1dGVmYWlsbWVzc2FnZSA9ICJHZXQtQW5zaWJsZVBhcmFtOiBNaXNzaW5nIHJlcXVpcmVkIGFyZ3VtZW50OiAkbmFtZSIKICAgICAgICAgICAgfQogICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICRlbXB0eWF0dHJpYnV0ZWZhaWxtZXNzYWdlCiAgICAgICAgfQogICAgfQoKICAgICMgSWYgJHZhbHVlIC1lcSAkbnVsbCwgdGhlIHBhcmFtZXRlciB3YXMgdW5zcGVjaWZpZWQgYnkgdGhlIHVzZXIgKGRlbGliZXJhdGVseSBvciBub3QpCiAgICAjIFBsZWFzZSBsZWF2ZSAkbnVsbC12YWx1ZXMgaW50YWN0LCBtb2R1bGVzIG5lZWQgdG8ga25vdyBpZiBhIHBhcmFtZXRlciB3YXMgc3BlY2lmaWVkCiAgICAjIFdoZW4gJHZhbHVlIGlzIGFscmVhZHkgYW4gYXJyYXksIHdlIGNhbm5vdCByZWx5IG9uIHRoZSBudWxsIGNoZWNrLCBhcyBhbiBlbXB0eSBsaXN0CiAgICAjIGlzIHNlZW4gYXMgbnVsbCBpbiB0aGUgY2hlY2sgYmVsb3cKICAgIGlmICgkbnVsbCAtbmUgJHZhbHVlIC1vciAkdmFsdWUgLWlzIFthcnJheV0pIHsKICAgICAgICBpZiAoJHR5cGUgLWVxICJwYXRoIikgewogICAgICAgICAgICAjIEV4cGFuZCBlbnZpcm9ubWVudCB2YXJpYWJsZXMgb24gcGF0aC10eXBlCiAgICAgICAgICAgICR2YWx1ZSA9IEV4cGFuZC1FbnZpcm9ubWVudCgkdmFsdWUpCiAgICAgICAgICAgICMgVGVzdCBpZiBhIHZhbGlkIHBhdGggaXMgcHJvdmlkZWQKICAgICAgICAgICAgaWYgKC1ub3QgKFRlc3QtUGF0aCAtSXNWYWxpZCAkdmFsdWUpKSB7CiAgICAgICAgICAgICAgICAkcGF0aF9pbnZhbGlkID0gJHRydWUKICAgICAgICAgICAgICAgICMgY291bGQgc3RpbGwgYmUgYSB2YWxpZC1zaGFwZWQgcGF0aCB3aXRoIGEgbm9uZXhpc3RlbnQgZHJpdmUgbGV0dGVyCiAgICAgICAgICAgICAgICBpZiAoJHZhbHVlIC1tYXRjaCAiXlx3OiIpIHsKICAgICAgICAgICAgICAgICAgICAjIHJld3JpdGUgcGF0aCB3aXRoIGEgdmFsaWQgZHJpdmUgbGV0dGVyIGFuZCByZWNoZWNrIHRoZSBzaGFwZS0gdGhpcyBtaWdodCBzdGlsbCBmYWlsLCBlZywgYSBub25leGlzdGVudCBub24tZmlsZXN5c3RlbSBQUyBwYXRoCiAgICAgICAgICAgICAgICAgICAgaWYgKFRlc3QtUGF0aCAtSXNWYWxpZCAkKEAoR2V0LVBTRHJpdmUgLVBTUHJvdmlkZXIgRmlsZXN5c3RlbSlbMF0uTmFtZSArICR2YWx1ZS5TdWJzdHJpbmcoMSkpKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICRwYXRoX2ludmFsaWQgPSAkZmFsc2UKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICBpZiAoJHBhdGhfaW52YWxpZCkgewogICAgICAgICAgICAgICAgICAgIEZhaWwtSnNvbiAtb2JqICRyZXN1bHRvYmogLW1lc3NhZ2UgIkdldC1BbnNpYmxlUGFyYW06IFBhcmFtZXRlciAnJG5hbWUnIGhhcyBhbiBpbnZhbGlkIHBhdGggJyR2YWx1ZScgc3BlY2lmaWVkLiIKICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgfQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgInN0ciIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IHN0ciB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgc3RyaW5ncwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUuVG9TdHJpbmcoKQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImJvb2wiKSB7CiAgICAgICAgICAgICMgQ29udmVydCBib29sZWFuIHR5cGVzIHRvIHJlYWwgUG93ZXJzaGVsbCBib29sZWFucwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgfCBDb252ZXJ0VG8tQm9vbAogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImludCIpIHsKICAgICAgICAgICAgIyBDb252ZXJ0IGludCB0eXBlcyB0byByZWFsIFBvd2Vyc2hlbGwgaW50ZWdlcnMKICAgICAgICAgICAgJHZhbHVlID0gJHZhbHVlIC1hcyBbaW50XQogICAgICAgIH0gZWxzZWlmICgkdHlwZSAtZXEgImZsb2F0IikgewogICAgICAgICAgICAjIENvbnZlcnQgZmxvYXQgdHlwZXMgdG8gcmVhbCBQb3dlcnNoZWxsIGZsb2F0cwogICAgICAgICAgICAkdmFsdWUgPSAkdmFsdWUgLWFzIFtmbG9hdF0KICAgICAgICB9IGVsc2VpZiAoJHR5cGUgLWVxICJsaXN0IikgewogICAgICAgICAgICBpZiAoJHZhbHVlIC1pcyBbYXJyYXldKSB7CiAgICAgICAgICAgICAgICAjIE5vdGhpbmcgdG8gZG8KICAgICAgICAgICAgfSBlbHNlaWYgKCR2YWx1ZSAtaXMgW3N0cmluZ10pIHsKICAgICAgICAgICAgICAgICMgQ29udmVydCBzdHJpbmcgdHlwZSB0byByZWFsIFBvd2Vyc2hlbGwgYXJyYXkKICAgICAgICAgICAgICAgICR2YWx1ZSA9ICR2YWx1ZS5TcGxpdCgiLCIpLlRyaW0oKQogICAgICAgICAgICB9IGVsc2VpZiAoJHZhbHVlIC1pcyBbaW50XSkgewogICAgICAgICAgICAgICAgJHZhbHVlID0gQCgkdmFsdWUpCiAgICAgICAgICAgIH0gZWxzZSB7CiAgICAgICAgICAgICAgICBGYWlsLUpzb24gLW9iaiAkcmVzdWx0b2JqIC1tZXNzYWdlICJHZXQtQW5zaWJsZVBhcmFtOiBQYXJhbWV0ZXIgJyRuYW1lJyBpcyBub3QgYSBZQU1MIGxpc3QuIgogICAgICAgICAgICB9CiAgICAgICAgICAgICMgLCBpcyBub3QgYSB0eXBvLCBmb3JjZXMgaXQgdG8gcmV0dXJuIGFzIGEgbGlzdCB3aGVuIGl0IGlzIGVtcHR5IG9yIG9ubHkgaGFzIDEgZW50cnkKICAgICAgICAgICAgcmV0dXJuICwkdmFsdWUKICAgICAgICB9CiAgICB9CgogICAgcmV0dXJuICR2YWx1ZQp9CgojQWxpYXMgR2V0LWF0dHItLT5HZXQtQW5zaWJsZVBhcmFtIGZvciBiYWNrd2FyZHMgY29tcGF0LiBPbmx5IGFkZCB3aGVuIG5lZWRlZCB0byBlYXNlIGRlYnVnZ2luZyBvZiBzY3JpcHRzCklmICgtbm90KEdldC1BbGlhcyAtTmFtZSAiR2V0LWF0dHIiIC1FcnJvckFjdGlvbiBTaWxlbnRseUNvbnRpbnVlKSkKewogICAgTmV3LUFsaWFzIC1OYW1lIEdldC1hdHRyIC1WYWx1ZSBHZXQtQW5zaWJsZVBhcmFtCn0KCkZ1bmN0aW9uIENvbnZlcnRUby1Cb29sCnsKPCMKICAgIC5TWU5PUFNJUwogICAgSGVscGVyIGZpbHRlci9waXBlbGluZSBmdW5jdGlvbiB0byBjb252ZXJ0IGEgdmFsdWUgdG8gYm9vbGVhbiBmb2xsb3dpbmcgY3VycmVudAogICAgQW5zaWJsZSBwcmFjdGljZXMKICAgIC5FWEFNUExFCiAgICAkaXNfdHJ1ZSA9ICJ0cnVlIiB8IENvbnZlcnRUby1Cb29sCiM+CiAgICBwYXJhbSgKICAgICAgICBbcGFyYW1ldGVyKHZhbHVlZnJvbXBpcGVsaW5lPSR0cnVlKV0KICAgICAgICAkb2JqCiAgICApCgogICAgJGJvb2xlYW5fc3RyaW5ncyA9ICJ5ZXMiLCAib24iLCAiMSIsICJ0cnVlIiwgMQogICAgJG9ial9zdHJpbmcgPSBbc3RyaW5nXSRvYmoKCiAgICBpZiAoKCRvYmogLWlzIFtib29sZWFuXSAtYW5kICRvYmopIC1vciAkYm9vbGVhbl9zdHJpbmdzIC1jb250YWlucyAkb2JqX3N0cmluZy5Ub0xvd2VyKCkpIHsKICAgICAgICByZXR1cm4gJHRydWUKICAgIH0gZWxzZSB7CiAgICAgICAgcmV0dXJuICRmYWxzZQogICAgfQp9CgpGdW5jdGlvbiBQYXJzZS1BcmdzKCRhcmd1bWVudHMsICRzdXBwb3J0c19jaGVja19tb2RlID0gJGZhbHNlKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBwYXJzZSBBbnNpYmxlIEpTT04gYXJndW1lbnRzIGZyb20gYSAiZmlsZSIgcGFzc2VkIGFzCiAgICB0aGUgc2luZ2xlIGFyZ3VtZW50IHRvIHRoZSBtb2R1bGUuCiAgICAuRVhBTVBMRQogICAgJHBhcmFtcyA9IFBhcnNlLUFyZ3MgJGFyZ3MKIz4KICAgICRwYXJhbXMgPSBOZXctT2JqZWN0IHBzb2JqZWN0CiAgICBJZiAoJGFyZ3VtZW50cy5MZW5ndGggLWd0IDApCiAgICB7CiAgICAgICAgJHBhcmFtcyA9IEdldC1Db250ZW50ICRhcmd1bWVudHNbMF0gfCBDb252ZXJ0RnJvbS1Kc29uCiAgICB9CiAgICBFbHNlIHsKICAgICAgICAkcGFyYW1zID0gJGNvbXBsZXhfYXJncwogICAgfQogICAgJGNoZWNrX21vZGUgPSBHZXQtQW5zaWJsZVBhcmFtIC1vYmogJHBhcmFtcyAtbmFtZSAiX2Fuc2libGVfY2hlY2tfbW9kZSIgLXR5cGUgImJvb2wiIC1kZWZhdWx0ICRmYWxzZQogICAgSWYgKCRjaGVja19tb2RlIC1hbmQgLW5vdCAkc3VwcG9ydHNfY2hlY2tfbW9kZSkKICAgIHsKICAgICAgICBFeGl0LUpzb24gQHsKICAgICAgICAgICAgc2tpcHBlZCA9ICR0cnVlCiAgICAgICAgICAgIGNoYW5nZWQgPSAkZmFsc2UKICAgICAgICAgICAgbXNnID0gInJlbW90ZSBtb2R1bGUgZG9lcyBub3Qgc3VwcG9ydCBjaGVjayBtb2RlIgogICAgICAgIH0KICAgIH0KICAgIHJldHVybiAkcGFyYW1zCn0KCgpGdW5jdGlvbiBHZXQtRmlsZUNoZWNrc3VtKCRwYXRoLCAkYWxnb3JpdGhtID0gJ3NoYTEnKQp7CjwjCiAgICAuU1lOT1BTSVMKICAgIEhlbHBlciBmdW5jdGlvbiB0byBjYWxjdWxhdGUgYSBoYXNoIG9mIGEgZmlsZSBpbiBhIHdheSB3aGljaCBQb3dlclNoZWxsIDMKICAgIGFuZCBhYm92ZSBjYW4gaGFuZGxlCiM+CiAgICBJZiAoVGVzdC1QYXRoIC1QYXRoICRwYXRoIC1QYXRoVHlwZSBMZWFmKQogICAgewogICAgICAgIHN3aXRjaCAoJGFsZ29yaXRobSkKICAgICAgICB7CiAgICAgICAgICAgICdtZDUnIHsgJHNwID0gTmV3LU9iamVjdCAtVHlwZU5hbWUgU3lzdGVtLlNlY3VyaXR5LkNyeXB0b2dyYXBoeS5NRDVDcnlwdG9TZXJ2aWNlUHJvdmlkZXIgfQogICAgI ScriptBlock ID: f145171b-ab1f-4a7f-89b6-d6612b94fda4 Path:	4104	1		3	2	15	0	1108	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4500	3812	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:06 PM	1909dffc-a75a-0002-0dea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 3): begin { $DebugPreference = "Continue" $ErrorActionPreference = "Stop" Set-StrictMode -Version 2 function ConvertTo-HashtableFromPsCustomObject ($myPsObject){ $output = @{}; $myPsObject | Get-Member -MemberType *Property | % { $val = $myPsObject.($_.name); If ($val -is [psobject]) { $val = ConvertTo-HashtableFromPsCustomObject $val } $output.($_.name) = $val } return $output; } # stream JSON including become_pw, ps_module_payload, bin_module_payload, become_payload, write_payload_path, preserve directives # exec runspace, capture output, cleanup, return module output # NB: do not adjust the following line- it is replaced when doing non-streamed module output $json_raw = @' {"min_ps_version": null, "exec": "CkZ1bmN0aW9uIFJ1bigkcGF5bG9hZCkgewogICAgJGVudHJ5cG9pbnQgPSAkcGF5bG9hZC5tb2R1bGVfZW50cnkKCiAgICAkZW50cnlwb2ludCA9IFtTeXN0ZW0uVGV4dC5FbmNvZGluZ106OlVURjguR2V0U3RyaW5nKFtTeXN0ZW0uQ29udmVydF06OkZyb21CYXNlNjRTdHJpbmcoJGVudHJ5cG9pbnQpKQoKICAgICRwcyA9IFtwb3dlcnNoZWxsXTo6Q3JlYXRlKCkKCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkQ29tbWFuZCgiU2V0LVZhcmlhYmxlIikuQWRkUGFyYW1ldGVycyhAe1Njb3BlPSJnbG9iYWwiO05hbWU9ImNvbXBsZXhfYXJncyI7VmFsdWU9JHBheWxvYWQubW9kdWxlX2FyZ3N9KSB8IE91dC1OdWxsCiAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCgogICAgIyByZWRlZmluZSBXcml0ZS1Ib3N0IHRvIGR1bXAgdG8gb3V0cHV0IGluc3RlYWQgb2YgZmFpbGluZy0gbG90cyBvZiBzY3JpcHRzIHVzZSBpdAogICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgiRnVuY3Rpb24gV3JpdGUtSG9zdChgJG1zZyl7IFdyaXRlLU91dHB1dCBgJG1zZyB9IikgfCBPdXQtTnVsbAoKICAgIEZvckVhY2ggKCRlbnZfa3YgaW4gJHBheWxvYWQuZW52aXJvbm1lbnQuR2V0RW51bWVyYXRvcigpKSB7CiAgICAgICAgIyBuZWVkIHRvIGVzY2FwZSAnIGluIGJvdGggdGhlIGtleSBhbmQgdmFsdWUKICAgICAgICAkZW52X2tleSA9ICRlbnZfa3YuS2V5LlRvU3RyaW5nKCkuUmVwbGFjZSgiJyIsICInJyIpCiAgICAgICAgJGVudl92YWx1ZSA9ICRlbnZfa3YuVmFsdWUuVG9TdHJpbmcoKS5SZXBsYWNlKCInIiwgIicnIikKICAgICAgICAkZXNjYXBlZF9lbnZfc2V0ID0gIltTeXN0ZW0uRW52aXJvbm1lbnRdOjpTZXRFbnZpcm9ubWVudFZhcmlhYmxlKCd7MH0nLCAnezF9JykiIC1mICRlbnZfa2V5LCAkZW52X3ZhbHVlCiAgICAgICAgJHBzLkFkZFN0YXRlbWVudCgpLkFkZFNjcmlwdCgkZXNjYXBlZF9lbnZfc2V0KSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBkeW5hbWljYWxseSBjcmVhdGUvbG9hZCBtb2R1bGVzCiAgICBGb3JFYWNoICgkbW9kIGluICRwYXlsb2FkLnBvd2Vyc2hlbGxfbW9kdWxlcy5HZXRFbnVtZXJhdG9yKCkpIHsKICAgICAgICAkZGVjb2RlZF9tb2R1bGUgPSBbU3lzdGVtLlRleHQuRW5jb2RpbmddOjpVVEY4LkdldFN0cmluZyhbU3lzdGVtLkNvbnZlcnRdOjpGcm9tQmFzZTY0U3RyaW5nKCRtb2QuVmFsdWUpKQogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRDb21tYW5kKCJOZXctTW9kdWxlIikuQWRkUGFyYW1ldGVycyhAe1NjcmlwdEJsb2NrPShbc2NyaXB0YmxvY2tdOjpDcmVhdGUoJGRlY29kZWRfbW9kdWxlKSk7TmFtZT0kbW9kLktleX0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiSW1wb3J0LU1vZHVsZSIpLkFkZFBhcmFtZXRlcnMoQHtXYXJuaW5nQWN0aW9uPSJTaWxlbnRseUNvbnRpbnVlIn0pIHwgT3V0LU51bGwKICAgICAgICAkcHMuQWRkQ29tbWFuZCgiT3V0LU51bGwiKSB8IE91dC1OdWxsCiAgICB9CgogICAgIyBmb3JjZSBpbnB1dCBlbmNvZGluZyB0byBwcmVhbWJsZS1mcmVlIFVURjggc28gUFMgc3ViLXByb2Nlc3NlcyAoZWcsCiAgICAjIFN0YXJ0LUpvYikgZG9uJ3QgYmxvdyB1cC4gVGhpcyBpcyBvbmx5IHJlcXVpcmVkIGZvciBXaW5STSwgYSBQU1JQCiAgICAjIHJ1bnNwYWNlIGRvZXNuJ3QgaGF2ZSBhIGhvc3QgY29uc29sZSBhbmQgdGhpcyB3aWxsIGJvbWIgb3V0CiAgICBpZiAoJGhvc3QuTmFtZSAtZXEgIkNvbnNvbGVIb3N0IikgewogICAgICAgICRwcy5BZGRTdGF0ZW1lbnQoKS5BZGRTY3JpcHQoIltDb25zb2xlXTo6SW5wdXRFbmNvZGluZyA9IE5ldy1PYmplY3QgVGV4dC5VVEY4RW5jb2RpbmcgYCRmYWxzZSIpIHwgT3V0LU51bGwKICAgIH0KCiAgICAkcHMuQWRkU3RhdGVtZW50KCkuQWRkU2NyaXB0KCRlbnRyeXBvaW50KSB8IE91dC1OdWxsCgogICAgJG91dHB1dCA9ICRwcy5JbnZva2UoKQoKICAgICRvdXRwdXQKCiAgICAjIFBTMyBkb2Vzbid0IHByb3Blcmx5IHNldCBIYWRFcnJvcnMgaW4gbWFueSBjYXNlcywgaW5zcGVjdCB0aGUgZXJyb3Igc3RyZWFtIGFzIGEgZmFsbGJhY2sKICAgIElmICgkcHMuSGFkRXJyb3JzIC1vciAoJFBTVmVyc2lvblRhYmxlLlBTVmVyc2lvbi5NYWpvciAtbHQgNCAtYW5kICRwcy5TdHJlYW1zLkVycm9yLkNvdW50IC1ndCAwKSkgewogICAgICAgICRob3N0LlVJLldyaXRlRXJyb3JMaW5lKCQoJHBzLlN0cmVhbXMuRXJyb3IgfCBPdXQtU3RyaW5nKSkKICAgICAgICAkZXhpdF9jb2RlID0gJHBzLlJ1bnNwYWNlLlNlc3Npb25TdGF0ZVByb3h5LkdldFZhcmlhYmxlKCJMQVNURVhJVENPREUiKQogICAgICAgIElmKC1ub3QgJGV4aXRfY29kZSkgewogICAgICAgICAgICAkZXhpdF9jb2RlID0gMQogICAgICAgIH0KICAgICAgICAjIG5lZWQgdG8gdXNlIHRoaXMgaW5zdGVhZCBvZiBFeGl0IGtleXdvcmQgdG8gcHJldmVudCBydW5zcGFjZSBmcm9tIGNyYXNoaW5nIHdpdGggZHluYW1pYyBtb2R1bGVzCiAgICAgICAgJGhvc3QuU2V0U2hvdWxkRXhpdCgkZXhpdF9jb2RlKQogICAgfQp9Cg==", "actions": ["exec"], "environment": {}, "min_os_version": null, "powershell_modules": {"Ansible.ModuleUtils.CommandUtil": "IyBDb3B5cmlnaHQgKGMpIDIwMTcgQW5zaWJsZSBQcm9qZWN0CiMgU2ltcGxpZmllZCBCU0QgTGljZW5zZSAoc2VlIGxpY2Vuc2VzL3NpbXBsaWZpZWRfYnNkLnR4dCBvciBodHRwczovL29wZW5zb3VyY2Uub3JnL2xpY2Vuc2VzL0JTRC0yLUNsYXVzZSkKCiRwcm9jZXNzX3V0aWwgPSBAIgp1c2luZyBNaWNyb3NvZnQuV2luMzIuU2FmZUhhbmRsZXM7CnVzaW5nIFN5c3RlbTsKdXNpbmcgU3lzdGVtLkNvbGxlY3Rpb25zOwp1c2luZyBTeXN0ZW0uSU87CnVzaW5nIFN5c3RlbS5MaW5xOwp1c2luZyBTeXN0ZW0uUnVudGltZS5JbnRlcm9wU2VydmljZXM7CnVzaW5nIFN5c3RlbS5UZXh0Owp1c2luZyBTeXN0ZW0uVGhyZWFkaW5nOwoKbmFtZXNwYWNlIEFuc2libGUKewogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNFQ1VSSVRZX0FUVFJJQlVURVMKICAgIHsKICAgICAgICBwdWJsaWMgaW50IG5MZW5ndGg7CiAgICAgICAgcHVibGljIEludFB0ciBscFNlY3VyaXR5RGVzY3JpcHRvcjsKICAgICAgICBwdWJsaWMgYm9vbCBiSW5oZXJpdEhhbmRsZSA9IGZhbHNlOwogICAgICAgIHB1YmxpYyBTRUNVUklUWV9BVFRSSUJVVEVTKCkKICAgICAgICB7CiAgICAgICAgICAgIG5MZW5ndGggPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPCiAgICB7CiAgICAgICAgcHVibGljIEludDMyIGNiOwogICAgICAgIHB1YmxpYyBJbnRQdHIgbHBSZXNlcnZlZDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwRGVza3RvcDsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwVGl0bGU7CiAgICAgICAgcHVibGljIEludDMyIGR3WDsKICAgICAgICBwdWJsaWMgSW50MzIgZHdZOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lTaXplOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1hDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd1lDb3VudENoYXJzOwogICAgICAgIHB1YmxpYyBJbnQzMiBkd0ZpbGxBdHRyaWJ1dGU7CiAgICAgICAgcHVibGljIEludDMyIGR3RmxhZ3M7CiAgICAgICAgcHVibGljIEludDE2IHdTaG93V2luZG93OwogICAgICAgIHB1YmxpYyBJbnQxNiBjYlJlc2VydmVkMjsKICAgICAgICBwdWJsaWMgSW50UHRyIGxwUmVzZXJ2ZWQyOwogICAgICAgIHB1YmxpYyBTYWZlRmlsZUhhbmRsZSBoU3RkSW5wdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRPdXRwdXQ7CiAgICAgICAgcHVibGljIFNhZmVGaWxlSGFuZGxlIGhTdGRFcnJvcjsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8oKQogICAgICAgIHsKICAgICAgICAgICAgY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIGNsYXNzIFNUQVJUVVBJTkZPRVgKICAgIHsKICAgICAgICBwdWJsaWMgU1RBUlRVUElORk8gc3RhcnR1cEluZm87CiAgICAgICAgcHVibGljIEludFB0ciBscEF0dHJpYnV0ZUxpc3Q7CiAgICAgICAgcHVibGljIFNUQVJUVVBJTkZPRVgoKQogICAgICAgIHsKICAgICAgICAgICAgc3RhcnR1cEluZm8gPSBuZXcgU1RBUlRVUElORk8oKTsKICAgICAgICAgICAgc3RhcnR1cEluZm8uY2IgPSBNYXJzaGFsLlNpemVPZih0aGlzKTsKICAgICAgICB9CiAgICB9CgogICAgW1N0cnVjdExheW91dChMYXlvdXRLaW5kLlNlcXVlbnRpYWwpXQogICAgcHVibGljIHN0cnVjdCBQUk9DRVNTX0lORk9STUFUSU9OCiAgICB7CiAgICAgICAgcHVibGljIEludFB0ciBoUHJvY2VzczsKICAgICAgICBwdWJsaWMgSW50UHRyIGhUaHJlYWQ7CiAgICAgICAgcHVibGljIGludCBkd1Byb2Nlc3NJZDsKICAgICAgICBwdWJsaWMgaW50IGR3VGhyZWFkSWQ7CiAgICB9CgogICAgW0ZsYWdzXQogICAgcHVibGljIGVudW0gU3RhcnR1cEluZm9GbGFncyA6IHVpbnQKICAgIHsKICAgICAgICBVU0VTVERIQU5ETEVTID0gMHgwMDAwMDEwMAogICAgfQoKICAgIHB1YmxpYyBlbnVtIEhhbmRsZUZsYWdzIDogdWludAogICAgewogICAgICAgIE5vbmUgPSAwLAogICAgICAgIElOSEVSSVQgPSAxCiAgICB9CgogICAgY2xhc3MgTmF0aXZlV2FpdEhhbmRsZSA6IFdhaXRIYW5kbGUKICAgIHsKICAgICAgICBwdWJsaWMgTmF0aXZlV2FpdEhhbmRsZShJbnRQdHIgaGFuZGxlKQogICAgICAgIHsKICAgICAgICAgICAgdGhpcy5TYWZlV2FpdEhhbmRsZSA9IG5ldyBTYWZlV2FpdEhhbmRsZShoYW5kbGUsIGZhbHNlKTsKICAgICAgICB9CiAgICB9CgogICAgcHVibGljIGNsYXNzIFdpbjMyRXhjZXB0aW9uIDogU3lzdGVtLkNvbXBvbmVudE1vZGVsLldpbjMyRXhjZXB0aW9uCiAgICB7CiAgICAgICAgcHJpdmF0ZSBzdHJpbmcgX21zZzsKCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKHN0cmluZyBtZXNzYWdlKSA6IHRoaXMoTWFyc2hhbC5HZXRMYXN0V2luMzJFcnJvcigpLCBtZXNzYWdlKSB7IH0KCiAgICAgICAgcHVibGljIFdpbjMyRXhjZXB0aW9uKGludCBlcnJvckNvZGUsIHN0cmluZyBtZXNzYWdlKSA6IGJhc2UoZXJyb3JDb2RlKQogICAgICAgIHsKICAgICAgICAgICAgX21zZyA9IFN0cmluZy5Gb3JtYXQoInswfSAoezF9LCBXaW4zMkVycm9yQ29kZSB7Mn0pIiwgbWVzc2FnZSwgYmFzZS5NZXNzYWdlLCBlcnJvckNvZGUpOwogICAgICAgIH0KCiAgICAgICAgcHVibGljIG92ZXJyaWRlIHN0cmluZyBNZXNzYWdlIHsgZ2V0IHsgcmV0dXJuIF9tc2c7IH0gfQogICAgICAgIHB1YmxpYyBzdGF0aWMgZXhwbGljaXQgb3BlcmF0b3IgV2luMzJFeGNlcHRpb24oc3RyaW5nIG1lc3NhZ2UpIHsgcmV0dXJuIG5ldyBXaW4zMkV4Y2VwdGlvbihtZXNzYWdlKTsgfQogICAgfQoKICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kVXRpbAogICAgewogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCA9IDB4MDAwMDAwNDAwOwogICAgICAgIHByaXZhdGUgc3RhdGljIFVJbnQzMiBFWFRFTkRFRF9TVEFSVFVQSU5GT19QUkVTRU5UID0gMHgwMDA4MDAwMDsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSwgQmVzdEZpdE1hcHBpbmcgPSBmYWxzZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICBbTWFyc2hhbEFzKFVubWFuYWdlZFR5cGUuTFBXU3RyKV0KICAgICAgICAgICAgICAgIHN0cmluZyBscEFwcGxpY2F0aW9uTmFtZSwKICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscENvbW1hbmRMaW5lLAogICAgICAgICAgICBJbnRQdHIgbHBQcm9jZXNzQXR0cmlidXRlcywKICAgICAgICAgICAgSW50UHRyIGxwVGhyZWFkQXR0cmlidXRlcywKICAgICAgICAgICAgYm9vbCBiSW5oZXJpdEhhbmRsZXMsCiAgICAgICAgICAgIHVpbnQgZHdDcmVhdGlvbkZsYWdzLAogICAgICAgICAgICBJbnRQdHIgbHBFbnZpcm9ubWVudCwKICAgICAgICAgICAgW01hcnNoYWxBcyhVbm1hbmFnZWRUeXBlLkxQV1N0cildCiAgICAgICAgICAgICAgICBzdHJpbmcgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICBTVEFSVFVQSU5GT0VYIGxwU3RhcnR1cEluZm8sCiAgICAgICAgICAgIG91dCBQUk9DRVNTX0lORk9STUFUSU9OIGxwUHJvY2Vzc0luZm9ybWF0aW9uKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIildCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBDcmVhdGVQaXBlKAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFJlYWRQaXBlLAogICAgICAgICAgICBvdXQgU2FmZUZpbGVIYW5kbGUgaFdyaXRlUGlwZSwKICAgICAgICAgICAgU0VDVVJJVFlfQVRUUklCVVRFUyBscFBpcGVBdHRyaWJ1dGVzLAogICAgICAgICAgICB1aW50IG5TaXplKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gYm9vbCBTZXRIYW5kbGVJbmZvcm1hdGlvbigKICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgaE9iamVjdCwKICAgICAgICAgICAgSGFuZGxlRmxhZ3MgZHdNYXNrLAogICAgICAgICAgICBpbnQgZHdGbGFncyk7CgogICAgICAgIFtEbGxJbXBvcnQoImtlcm5lbDMyLmRsbCIsIFNldExhc3RFcnJvciA9IHRydWUpXQogICAgICAgIHByaXZhdGUgc3RhdGljIGV4dGVybiBib29sIEdldEV4aXRDb2RlUHJvY2VzcygKICAgICAgICAgICAgSW50UHRyIGhQcm9jZXNzLAogICAgICAgICAgICBvdXQgdWludCBscEV4aXRDb2RlKTsKCiAgICAgICAgW0RsbEltcG9ydCgia2VybmVsMzIuZGxsIiwgU2V0TGFzdEVycm9yID0gdHJ1ZSwgQ2hhclNldCA9IENoYXJTZXQuVW5pY29kZSldCiAgICAgICAgcHVibGljIHN0YXRpYyBleHRlcm4gdWludCBTZWFyY2hQYXRoKAogICAgICAgICAgICBzdHJpbmcgbHBQYXRoLAogICAgICAgICAgICBzdHJpbmcgbHBGaWxlTmFtZSwKICAgICAgICAgICAgc3RyaW5nIGxwRXh0ZW5zaW9uLAogICAgICAgICAgICBpbnQgbkJ1ZmZlckxlbmd0aCwKICAgICAgICAgICAgW01hcnNoYWxBcyAoVW5tYW5hZ2VkVHlwZS5MUFRTdHIpXQogICAgICAgICAgICAgICAgU3RyaW5nQnVpbGRlciBscEJ1ZmZlciwKICAgICAgICAgICAgb3V0IEludFB0ciBscEZpbGVQYXJ0KTsKCiAgICAgICAgW0RsbEltcG9ydCgic2hlbGwzMi5kbGwiLCBTZXRMYXN0RXJyb3IgPSB0cnVlKV0KICAgICAgICBzdGF0aWMgZXh0ZXJuIEludFB0ciBDb21tYW5kTGluZVRvQXJndlcoCiAgICAgICAgICAgIFtNYXJzaGFsQXMoVW5tYW5hZ2VkVHlwZS5MUFdTdHIpXQogICAgICAgICAgICAgICAgc3RyaW5nIGxwQ21kTGluZSwKICAgICAgICAgICAgb3V0IGludCBwTnVtQXJncyk7CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nW10gUGFyc2VDb21tYW5kTGluZShzdHJpbmcgbHBDb21tYW5kTGluZSkKICAgICAgICB7CiAgICAgICAgICAgIGludCBudW1BcmdzOwogICAgICAgICAgICBJbnRQdHIgcmV0ID0gQ29tbWFuZExpbmVUb0FyZ3ZXKGxwQ29tbWFuZExpbmUsIG91dCBudW1BcmdzKTsKCiAgICAgICAgICAgIGlmIChyZXQgPT0gSW50UHRyLlplcm8pCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkVycm9yIHBhcnNpbmcgY29tbWFuZCBsaW5lIik7CgogICAgICAgICAgICBJbnRQdHJbXSBzdHJwdHJzID0gbmV3IEludFB0cltudW1BcmdzXTsKICAgICAgICAgICAgTWFyc2hhbC5Db3B5KHJldCwgc3RycHRycywgMCwgbnVtQXJncyk7CiAgICAgICAgICAgIHN0cmluZ1tdIGNtZGxpbmVQYXJ0cyA9IHN0cnB0cnMuU2VsZWN0KHMgPT4gTWFyc2hhbC5QdHJUb1N0cmluZ1VuaShzKSkuVG9BcnJheSgpOwoKICAgICAgICAgICAgTWFyc2hhbC5GcmVlSEdsb2JhbChyZXQpOwoKICAgICAgICAgICAgcmV0dXJuIGNtZGxpbmVQYXJ0czsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBzdGF0aWMgc3RyaW5nIFNlYXJjaFBhdGgoc3RyaW5nIGxwRmlsZU5hbWUpCiAgICAgICAgewogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIHNiT3V0ID0gbmV3IFN0cmluZ0J1aWxkZXIoMTAyNCk7CiAgICAgICAgICAgIEludFB0ciBmaWxlUGFydE91dDsKCiAgICAgICAgICAgIGlmIChTZWFyY2hQYXRoKG51bGwsIGxwRmlsZU5hbWUsIG51bGwsIHNiT3V0LkNhcGFjaXR5LCBzYk91dCwgb3V0IGZpbGVQYXJ0T3V0KSA9PSAwKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IEZpbGVOb3RGb3VuZEV4Y2VwdGlvbihTdHJpbmcuRm9ybWF0KCJDb3VsZCBub3QgbG9jYXRlIHRoZSBmb2xsb3dpbmcgZXhlY3V0YWJsZSB7MH0iLCBscEZpbGVOYW1lKSk7CgogICAgICAgICAgICByZXR1cm4gc2JPdXQuVG9TdHJpbmcoKTsKICAgICAgICB9CgogICAgICAgIHB1YmxpYyBjbGFzcyBDb21tYW5kUmVzdWx0CiAgICAgICAgewogICAgICAgICAgICBwdWJsaWMgc3RyaW5nIFN0YW5kYXJkT3V0IHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHN0cmluZyBTdGFuZGFyZEVycm9yIHsgZ2V0OyBpbnRlcm5hbCBzZXQ7IH0KICAgICAgICAgICAgcHVibGljIHVpbnQgRXhpdENvZGUgeyBnZXQ7IGludGVybmFsIHNldDsgfQogICAgICAgIH0KCiAgICAgICAgcHVibGljIHN0YXRpYyBDb21tYW5kUmVzdWx0IFJ1bkNvbW1hbmQoc3RyaW5nIGxwQXBwbGljYXRpb25OYW1lLCBzdHJpbmcgbHBDb21tYW5kTGluZSwgc3RyaW5nIGxwQ3VycmVudERpcmVjdG9yeSwgc3RyaW5nIHN0ZGluSW5wdXQsIElEaWN0aW9uYXJ5IGVudmlyb25tZW50KQogICAgICAgIHsKICAgICAgICAgICAgVUludDMyIHN0YXJ0dXBfZmxhZ3MgPSBDUkVBVEVfVU5JQ09ERV9FTlZJUk9OTUVOVCB8IEVYVEVOREVEX1NUQVJUVVBJTkZPX1BSRVNFTlQ7CiAgICAgICAgICAgIFNUQVJUVVBJTkZPRVggc2kgPSBuZXcgU1RBUlRVUElORk9FWCgpOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5kd0ZsYWdzID0gKGludClTdGFydHVwSW5mb0ZsYWdzLlVTRVNUREhBTkRMRVM7CgogICAgICAgICAgICBTRUNVUklUWV9BVFRSSUJVVEVTIHBpcGVzZWMgPSBuZXcgU0VDVVJJVFlfQVRUUklCVVRFUygpOwogICAgICAgICAgICBwaXBlc2VjLmJJbmhlcml0SGFuZGxlID0gdHJ1ZTsKCiAgICAgICAgICAgIC8vIENyZWF0ZSB0aGUgc3Rkb3V0LCBzdGRlcnIgYW5kIHN0ZGluIHBpcGVzIHVzZWQgaW4gdGhlIHByb2Nlc3MgYW5kIGFkZCB0byB0aGUgc3RhcnR1cEluZm8KICAgICAgICAgICAgU2FmZUZpbGVIYW5kbGUgc3Rkb3V0X3JlYWQsIHN0ZG91dF93cml0ZSwgc3RkZXJyX3JlYWQsIHN0ZGVycl93cml0ZSwgc3RkaW5fcmVhZCwgc3RkaW5fd3JpdGU7CiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3Rkb3V0X3JlYWQsIG91dCBzdGRvdXRfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERPVVQgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRvdXRfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURE9VVCBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkZXJyX3JlYWQsIG91dCBzdGRlcnJfd3JpdGUsIHBpcGVzZWMsIDApKQogICAgICAgICAgICAgICAgdGhyb3cgbmV3IFdpbjMyRXhjZXB0aW9uKCJTVERFUlIgcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRlcnJfcmVhZCwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNUREVSUiBwaXBlIGhhbmRsZSBzZXR1cCBmYWlsZWQiKTsKCiAgICAgICAgICAgIGlmICghQ3JlYXRlUGlwZShvdXQgc3RkaW5fcmVhZCwgb3V0IHN0ZGluX3dyaXRlLCBwaXBlc2VjLCAwKSkKICAgICAgICAgICAgICAgIHRocm93IG5ldyBXaW4zMkV4Y2VwdGlvbigiU1RESU4gcGlwZSBzZXR1cCBmYWlsZWQiKTsKICAgICAgICAgICAgaWYgKCFTZXRIYW5kbGVJbmZvcm1hdGlvbihzdGRpbl93cml0ZSwgSGFuZGxlRmxhZ3MuSU5IRVJJVCwgMCkpCiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIlNURElOIHBpcGUgaGFuZGxlIHNldHVwIGZhaWxlZCIpOwoKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZE91dHB1dCA9IHN0ZG91dF93cml0ZTsKICAgICAgICAgICAgc2kuc3RhcnR1cEluZm8uaFN0ZEVycm9yID0gc3RkZXJyX3dyaXRlOwogICAgICAgICAgICBzaS5zdGFydHVwSW5mby5oU3RkSW5wdXQgPSBzdGRpbl9yZWFkOwoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIHN0ZGluIGJ1ZmZlcgogICAgICAgICAgICBVVEY4RW5jb2RpbmcgdXRmOF9lbmNvZGluZyA9IG5ldyBVVEY4RW5jb2RpbmcoZmFsc2UpOwogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZGluX2ZzID0gbmV3IEZpbGVTdHJlYW0oc3RkaW5fd3JpdGUsIEZpbGVBY2Nlc3MuV3JpdGUsIDMyNzY4KTsKICAgICAgICAgICAgU3RyZWFtV3JpdGVyIHN0ZGluID0gbmV3IFN0cmVhbVdyaXRlcihzdGRpbl9mcywgdXRmOF9lbmNvZGluZywgMzI3NjgpOwoKICAgICAgICAgICAgLy8gSWYgbHBDdXJyZW50RGlyZWN0b3J5IGlzIHNldCB0byBudWxsIGluIFBTIGl0IHdpbGwgYmUgYW4gZW1wdHkKICAgICAgICAgICAgLy8gc3RyaW5nIGhlcmUsIHdlIG5lZWQgdG8gY29udmVydCBpdAogICAgICAgICAgICBpZiAobHBDdXJyZW50RGlyZWN0b3J5ID09ICIiKQogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5ID0gbnVsbDsKCiAgICAgICAgICAgIFN0cmluZ0J1aWxkZXIgZW52aXJvbm1lbnRTdHJpbmcgPSBudWxsOwoKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50ICE9IG51bGwgJiYgZW52aXJvbm1lbnQuQ291bnQgPiAwKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBlbnZpcm9ubWVudFN0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKCk7CiAgICAgICAgICAgICAgICBmb3JlYWNoIChEaWN0aW9uYXJ5RW50cnkga3YgaW4gZW52aXJvbm1lbnQpCiAgICAgICAgICAgICAgICAgICAgZW52aXJvbm1lbnRTdHJpbmcuQXBwZW5kRm9ybWF0KCJ7MH09ezF9XDAiLCBrdi5LZXksIGt2LlZhbHVlKTsKICAgICAgICAgICAgICAgIGVudmlyb25tZW50U3RyaW5nLkFwcGVuZCgnXDAnKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gQ3JlYXRlIHRoZSBlbnZpcm9ubWVudCBibG9jayBpZiBzZXQKICAgICAgICAgICAgSW50UHRyIGxwRW52aXJvbm1lbnQgPSBJbnRQdHIuWmVybzsKICAgICAgICAgICAgaWYgKGVudmlyb25tZW50U3RyaW5nICE9IG51bGwpCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50ID0gTWFyc2hhbC5TdHJpbmdUb0hHbG9iYWxVbmkoZW52aXJvbm1lbnRTdHJpbmcuVG9TdHJpbmcoKSk7CgogICAgICAgICAgICAvLyBDcmVhdGUgbmV3IHByb2Nlc3MgYW5kIHJ1bgogICAgICAgICAgICBTdHJpbmdCdWlsZGVyIGFyZ3VtZW50X3N0cmluZyA9IG5ldyBTdHJpbmdCdWlsZGVyKGxwQ29tbWFuZExpbmUpOwogICAgICAgICAgICBQUk9DRVNTX0lORk9STUFUSU9OIHBpID0gbmV3IFBST0NFU1NfSU5GT1JNQVRJT04oKTsKICAgICAgICAgICAgaWYgKCFDcmVhdGVQcm9jZXNzKAogICAgICAgICAgICAgICAgbHBBcHBsaWNhdGlvbk5hbWUsCiAgICAgICAgICAgICAgICBhcmd1bWVudF9zdHJpbmcsCiAgICAgICAgICAgICAgICBJbnRQdHIuWmVybywKICAgICAgICAgICAgICAgIEludFB0ci5aZXJvLAogICAgICAgICAgICAgICAgdHJ1ZSwKICAgICAgICAgICAgICAgIHN0YXJ0dXBfZmxhZ3MsCiAgICAgICAgICAgICAgICBscEVudmlyb25tZW50LAogICAgICAgICAgICAgICAgbHBDdXJyZW50RGlyZWN0b3J5LAogICAgICAgICAgICAgICAgc2ksCiAgICAgICAgICAgICAgICBvdXQgcGkpKQogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICB0aHJvdyBuZXcgV2luMzJFeGNlcHRpb24oIkZhaWxlZCB0byBjcmVhdGUgbmV3IHByb2Nlc3MiKTsKICAgICAgICAgICAgfQoKICAgICAgICAgICAgLy8gU2V0dXAgdGhlIG91dHB1dCBidWZmZXJzIGFuZCBnZXQgc3Rkb3V0L3N0ZGVycgogICAgICAgICAgICBGaWxlU3RyZWFtIHN0ZG91dF9mcyA9IG5ldyBGaWxlU3RyZWFtKHN0ZG91dF9yZWFkLCBGaWxlQWNjZXNzLlJlYWQsIDQwOTYpOwogICAgICAgICAgICBTdHJlYW1SZWFkZXIgc3Rkb3V0ID0gbmV3IFN0cmVhbVJlYWRlcihzdGRvdXRfZnMsIHV0ZjhfZW5jb2RpbmcsIHRydWUsIDQwOTYpOwogICAgICAgICAgICBzdGRvdXRfd3JpdGUuQ2xvc2UoKTsKICAgICAgICAgICAgRmlsZVN0cmVhbSBzdGRlcnJfZnMgPSBuZXcgRmlsZVN0cmVhbShzdGRlcnJfcmVhZCwgRmlsZUFjY2Vzcy5SZWFkLCA0MDk2KTsKICAgICAgICAgICAgU3RyZWFtUmVhZGVyIHN0ZGVyciA9IG5ldyBTdHJlYW1SZWFkZXIoc3RkZXJyX2ZzLCB1dGY4X2VuY29kaW5nLCB0cnVlLCA0MDk2KTsKICAgICAgICAgICAgc3RkZXJyX3dyaXRlLkNsb3NlKCk7CgogICAgICAgICAgICBzdGRpbi5Xcml0ZUxpbmUoc3RkaW5JbnB1dCk7CiAgICAgICAgICAgIHN0ZGluLkNsb3NlKCk7CgogICAgICAgICAgICBzdHJpbmcgc3Rkb3V0X3N0ciwgc3RkZXJyX3N0ciA9IG51bGw7CiAgICAgICAgICAgIEdldFByb2Nlc3NPdXRwdXQoc3Rkb3V0LCBzdGRlcnIsIG91dCBzdGRvdXRfc3RyLCBvdXQgc3RkZXJyX3N0cik7CiAgICAgICAgICAgIHVpbnQgcmMgPSBHZXRQcm9jZXNzRXhpdENvZGUocGkuaFByb2Nlc3MpOwoKICAgICAgICAgICAgcmV0dXJuIG5ldyBDb21tYW5kUmVzdWx0CiAgICAgICAgICAgIHsKICAgICAgICAgICAgICAgIFN0YW5kYXJkT3V0ID0gc3Rkb3V0X3N0ciwKICAgICAgICAgICAgICAgIFN0YW5kYXJkRXJyb3IgPSBzdGRlcnJfc3RyLAogICAgICAgICAgICAgICAgRXhpdENvZGUgPSByYwogICAgICAgICAgICB9OwogICAgICAgIH0KCiAgICAgICAgcHJpdmF0ZSBzdGF0aWMgdm9pZCBHZXRQcm9jZXNzT3V0cHV0KFN0cmVhbVJlYWRlciBzdGRvdXRTdHJlYW0sIFN0cmVhbVJlYWRlciBzdGRlcnJTdHJlYW0sIG91dCBzdHJpbmcgc3Rkb3V0LCBvdXQgc3RyaW5nIHN0ZGVycikKICAgICAgICB7CiAgICAgICAgICAgIHZhciBzb3dhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHZhciBzZXdhaXQgPSBuZXcgRXZlbnRXYWl0SGFuZGxlKGZhbHNlLCBFdmVudFJlc2V0TW9kZS5NYW51YWxSZXNldCk7CiAgICAgICAgICAgIHN0cmluZyBzbyA9IG51bGwsIHNlID0gbnVsbDsKICAgICAgICAgICAgVGhyZWFkUG9vbC5RdWV1ZVVzZXJXb3JrSXRlbSgocykgPT4KICAgICAgICAgICAgewogICAgICAgICAgICAgICAgc28gPSBzdGRvdXRTdHJlYW0uUmVhZFRvRW5kKCk7CiAgICAgICAgICAgICAgICBzb3dhaXQuU2V0KCk7CiAgICAgICAgICAgIH0pOwogICAgICAgICAgICBUaHJlYWRQb29sLlF1ZXVlVXNlcldvcmtJdGVtKChzKSA9PgogICAgICAgICAgICB7CiAgICAgICAgICAgICAgICBzZSA9IHN0ZGVyclN0cmVhbS5SZWFkVG9FbmQoKTsKICAgICAgICAgICAgICAgIHNld2FpdC5TZXQoKTsKICAgICAgICAgICA ScriptBlock ID: f145171b-ab1f-4a7f-89b6-d6612b94fda4 Path:	4104	1		3	2	15	0	1107	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4500	3812	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:06 PM	1909dffc-a75a-0002-0dea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1106	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4500	4496	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:06 PM	1909dffc-a75a-0003-85e9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4500 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1105	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4500	1452	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:06 PM	1909dffc-a75a-0003-85e9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1104	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4500	4496	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:15:06 PM	1909dffc-a75a-0003-85e9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is ready for user input	40962	1		4	4	2	0	1103	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4808	4728	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:14:46 PM	1909dffc-a75a-0003-7fe9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Stop	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Windows PowerShell has started an IPC listening thread on process: 4808 in AppDomain: DefaultAppDomain.	53504	1		4	111	10	0	1102	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4808	4664	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:14:46 PM	1909dffc-a75a-0003-7fe9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Open (async)	PowerShell Named Pipe IPC	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
PowerShell console is starting up	40961	1		4	4	1	0	1101	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	4808	4728	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:14:46 PM	1909dffc-a75a-0003-7fe9-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	Start	PowerShell Console Startup	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
CommandInvocation(Add-Type): "Add-Type" ParameterBinding(Add-Type): name="TypeDefinition"; value="using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } }" Context: Severity = Informational Host Name = Default Host Host Version = 5.1.14393.1944 Host ID = 51bebf39-21a7-4c5c-b69e-4d4a076bd7b4 Host Application = PowerShell -NoProfile -NonInteractive -ExecutionPolicy Unrestricted - Engine Version = 5.1.14393.1944 Runspace ID = f416d1d1-e8ee-41c9-b678-42cd43b200a6 Pipeline ID = 7 Command Name = Add-Type Command Type = Cmdlet Script Name = Command Path = Sequence Number = 34 User = N-H1-851359-2\Admin Connected User = Shell ID = Microsoft.PowerShell User Data:	4103	1		4	106	20	0	1100	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	140	96	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:14:45 PM	1909dffc-a75a-0002-08ea-09195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Information	To be used when operation is just executing a method	Executing Pipeline	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]
Creating Scriptblock text (1 of 1): # Copyright (c) 2017 Ansible Project # Simplified BSD License (see licenses/simplified_bsd.txt or https://opensource.org/licenses/BSD-2-Clause) $process_util = @" using Microsoft.Win32.SafeHandles; using System; using System.Collections; using System.IO; using System.Linq; using System.Runtime.InteropServices; using System.Text; using System.Threading; namespace Ansible { [StructLayout(LayoutKind.Sequential)] public class SECURITY_ATTRIBUTES { public int nLength; public IntPtr lpSecurityDescriptor; public bool bInheritHandle = false; public SECURITY_ATTRIBUTES() { nLength = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFO { public Int32 cb; public IntPtr lpReserved; public IntPtr lpDesktop; public IntPtr lpTitle; public Int32 dwX; public Int32 dwY; public Int32 dwXSize; public Int32 dwYSize; public Int32 dwXCountChars; public Int32 dwYCountChars; public Int32 dwFillAttribute; public Int32 dwFlags; public Int16 wShowWindow; public Int16 cbReserved2; public IntPtr lpReserved2; public SafeFileHandle hStdInput; public SafeFileHandle hStdOutput; public SafeFileHandle hStdError; public STARTUPINFO() { cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public class STARTUPINFOEX { public STARTUPINFO startupInfo; public IntPtr lpAttributeList; public STARTUPINFOEX() { startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(this); } } [StructLayout(LayoutKind.Sequential)] public struct PROCESS_INFORMATION { public IntPtr hProcess; public IntPtr hThread; public int dwProcessId; public int dwThreadId; } [Flags] public enum StartupInfoFlags : uint { USESTDHANDLES = 0x00000100 } public enum HandleFlags : uint { None = 0, INHERIT = 1 } class NativeWaitHandle : WaitHandle { public NativeWaitHandle(IntPtr handle) { this.SafeWaitHandle = new SafeWaitHandle(handle, false); } } public class Win32Exception : System.ComponentModel.Win32Exception { private string _msg; public Win32Exception(string message) : this(Marshal.GetLastWin32Error(), message) { } public Win32Exception(int errorCode, string message) : base(errorCode) { _msg = String.Format("{0} ({1}, Win32ErrorCode {2})", message, base.Message, errorCode); } public override string Message { get { return _msg; } } public static explicit operator Win32Exception(string message) { return new Win32Exception(message); } } public class CommandUtil { private static UInt32 CREATE_UNICODE_ENVIRONMENT = 0x000000400; private static UInt32 EXTENDED_STARTUPINFO_PRESENT = 0x00080000; [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode, BestFitMapping = false)] public static extern bool CreateProcess( [MarshalAs(UnmanagedType.LPWStr)] string lpApplicationName, StringBuilder lpCommandLine, IntPtr lpProcessAttributes, IntPtr lpThreadAttributes, bool bInheritHandles, uint dwCreationFlags, IntPtr lpEnvironment, [MarshalAs(UnmanagedType.LPWStr)] string lpCurrentDirectory, STARTUPINFOEX lpStartupInfo, out PROCESS_INFORMATION lpProcessInformation); [DllImport("kernel32.dll")] public static extern bool CreatePipe( out SafeFileHandle hReadPipe, out SafeFileHandle hWritePipe, SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize); [DllImport("kernel32.dll", SetLastError = true)] public static extern bool SetHandleInformation( SafeFileHandle hObject, HandleFlags dwMask, int dwFlags); [DllImport("kernel32.dll", SetLastError = true)] private static extern bool GetExitCodeProcess( IntPtr hProcess, out uint lpExitCode); [DllImport("kernel32.dll", SetLastError = true, CharSet = CharSet.Unicode)] public static extern uint SearchPath( string lpPath, string lpFileName, string lpExtension, int nBufferLength, [MarshalAs (UnmanagedType.LPTStr)] StringBuilder lpBuffer, out IntPtr lpFilePart); [DllImport("shell32.dll", SetLastError = true)] static extern IntPtr CommandLineToArgvW( [MarshalAs(UnmanagedType.LPWStr)] string lpCmdLine, out int pNumArgs); public static string[] ParseCommandLine(string lpCommandLine) { int numArgs; IntPtr ret = CommandLineToArgvW(lpCommandLine, out numArgs); if (ret == IntPtr.Zero) throw new Win32Exception("Error parsing command line"); IntPtr[] strptrs = new IntPtr[numArgs]; Marshal.Copy(ret, strptrs, 0, numArgs); string[] cmdlineParts = strptrs.Select(s => Marshal.PtrToStringUni(s)).ToArray(); Marshal.FreeHGlobal(ret); return cmdlineParts; } public static string SearchPath(string lpFileName) { StringBuilder sbOut = new StringBuilder(1024); IntPtr filePartOut; if (SearchPath(null, lpFileName, null, sbOut.Capacity, sbOut, out filePartOut) == 0) throw new FileNotFoundException(String.Format("Could not locate the following executable {0}", lpFileName)); return sbOut.ToString(); } public class CommandResult { public string StandardOut { get; internal set; } public string StandardError { get; internal set; } public uint ExitCode { get; internal set; } } public static CommandResult RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, IDictionary environment) { UInt32 startup_flags = CREATE_UNICODE_ENVIRONMENT | EXTENDED_STARTUPINFO_PRESENT; STARTUPINFOEX si = new STARTUPINFOEX(); si.startupInfo.dwFlags = (int)StartupInfoFlags.USESTDHANDLES; SECURITY_ATTRIBUTES pipesec = new SECURITY_ATTRIBUTES(); pipesec.bInheritHandle = true; // Create the stdout, stderr and stdin pipes used in the process and add to the startupInfo SafeFileHandle stdout_read, stdout_write, stderr_read, stderr_write, stdin_read, stdin_write; if (!CreatePipe(out stdout_read, out stdout_write, pipesec, 0)) throw new Win32Exception("STDOUT pipe setup failed"); if (!SetHandleInformation(stdout_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDOUT pipe handle setup failed"); if (!CreatePipe(out stderr_read, out stderr_write, pipesec, 0)) throw new Win32Exception("STDERR pipe setup failed"); if (!SetHandleInformation(stderr_read, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDERR pipe handle setup failed"); if (!CreatePipe(out stdin_read, out stdin_write, pipesec, 0)) throw new Win32Exception("STDIN pipe setup failed"); if (!SetHandleInformation(stdin_write, HandleFlags.INHERIT, 0)) throw new Win32Exception("STDIN pipe handle setup failed"); si.startupInfo.hStdOutput = stdout_write; si.startupInfo.hStdError = stderr_write; si.startupInfo.hStdInput = stdin_read; // Setup the stdin buffer UTF8Encoding utf8_encoding = new UTF8Encoding(false); FileStream stdin_fs = new FileStream(stdin_write, FileAccess.Write, 32768); StreamWriter stdin = new StreamWriter(stdin_fs, utf8_encoding, 32768); // If lpCurrentDirectory is set to null in PS it will be an empty // string here, we need to convert it if (lpCurrentDirectory == "") lpCurrentDirectory = null; StringBuilder environmentString = null; if (environment != null && environment.Count > 0) { environmentString = new StringBuilder(); foreach (DictionaryEntry kv in environment) environmentString.AppendFormat("{0}={1}\0", kv.Key, kv.Value); environmentString.Append('\0'); } // Create the environment block if set IntPtr lpEnvironment = IntPtr.Zero; if (environmentString != null) lpEnvironment = Marshal.StringToHGlobalUni(environmentString.ToString()); // Create new process and run StringBuilder argument_string = new StringBuilder(lpCommandLine); PROCESS_INFORMATION pi = new PROCESS_INFORMATION(); if (!CreateProcess( lpApplicationName, argument_string, IntPtr.Zero, IntPtr.Zero, true, startup_flags, lpEnvironment, lpCurrentDirectory, si, out pi)) { throw new Win32Exception("Failed to create new process"); } // Setup the output buffers and get stdout/stderr FileStream stdout_fs = new FileStream(stdout_read, FileAccess.Read, 4096); StreamReader stdout = new StreamReader(stdout_fs, utf8_encoding, true, 4096); stdout_write.Close(); FileStream stderr_fs = new FileStream(stderr_read, FileAccess.Read, 4096); StreamReader stderr = new StreamReader(stderr_fs, utf8_encoding, true, 4096); stderr_write.Close(); stdin.WriteLine(stdinInput); stdin.Close(); string stdout_str, stderr_str = null; GetProcessOutput(stdout, stderr, out stdout_str, out stderr_str); uint rc = GetProcessExitCode(pi.hProcess); return new CommandResult { StandardOut = stdout_str, StandardError = stderr_str, ExitCode = rc }; } private static void GetProcessOutput(StreamReader stdoutStream, StreamReader stderrStream, out string stdout, out string stderr) { var sowait = new EventWaitHandle(false, EventResetMode.ManualReset); var sewait = new EventWaitHandle(false, EventResetMode.ManualReset); string so = null, se = null; ThreadPool.QueueUserWorkItem((s) => { so = stdoutStream.ReadToEnd(); sowait.Set(); }); ThreadPool.QueueUserWorkItem((s) => { se = stderrStream.ReadToEnd(); sewait.Set(); }); foreach (var wh in new WaitHandle[] { sowait, sewait }) wh.WaitOne(); stdout = so; stderr = se; } private static uint GetProcessExitCode(IntPtr processHandle) { new NativeWaitHandle(processHandle).WaitOne(); uint exitCode; if (!GetExitCodeProcess(processHandle, out exitCode)) throw new Win32Exception("Error getting process exit code"); return exitCode; } } } "@ $ErrorActionPreference = 'Stop' Function Load-CommandUtils { # makes the following static functions available # [Ansible.CommandUtil]::ParseCommandLine(string lpCommandLine) # [Ansible.CommandUtil]::SearchPath(string lpFileName) # [Ansible.CommandUtil]::RunCommand(string lpApplicationName, string lpCommandLine, string lpCurrentDirectory, string stdinInput, string environmentBlock) # # there are also numerous P/Invoke methods that can be called if you are feeling adventurous # FUTURE: find a better way to get the _ansible_remote_tmp variable $original_tmp = $env:TMP $remote_tmp = $original_tmp $module_params = Get-Variable -Name complex_args -ErrorAction SilentlyContinue if ($module_params) { if ($module_params.Value.ContainsKey("_ansible_remote_tmp") ) { $remote_tmp = $module_params.Value["_ansible_remote_tmp"] $remote_tmp = [System.Environment]::ExpandEnvironmentVariables($remote_tmp) } } $env:TMP = $remote_tmp Add-Type -TypeDefinition $process_util $env:TMP = $original_tmp } Function Get-ExecutablePath($executable, $directory) { # lpApplicationName requires the full path to a file, we need to find it # ourselves. # we need to add .exe if it doesn't have an extension already if (-not [System.IO.Path]::HasExtension($executable)) { $executable = "$($executable).exe" } $full_path = [System.IO.Path]::GetFullPath($executable) if ($full_path -ne $executable -and $directory -ne $null) { $file = Get-Item -Path "$directory\$executable" -Force -ErrorAction SilentlyContinue } else { $file = Get-Item -Path $executable -Force -ErrorAction SilentlyContinue } if ($file -ne $null) { $executable_path = $file.FullName } else { $executable_path = [Ansible.CommandUtil]::SearchPath($executable) } return $executable_path } Function Run-Command { Param( [string]$command, # the full command to run including the executable [string]$working_directory = $null, # the working directory to run under, will default to the current dir [string]$stdin = $null, # a string to send to the stdin pipe when executing the command [hashtable]$environment = @{} # a hashtable of environment values to run the command under, this will replace all the other environment variables with these ) # load the C# code we call in this function Load-CommandUtils # need to validate the working directory if it is set if ($working_directory) { # validate working directory is a valid path if (-not (Test-Path -Path $working_directory)) { throw "invalid working directory path '$working_directory'" } } # lpApplicationName needs to be the full path to an executable, we do this # by getting the executable as the first arg and then getting the full path $arguments = [Ansible.CommandUtil]::ParseCommandLine($command) $executable = Get-ExecutablePath -executable $arguments[0] -directory $working_directory # run the command and get the results $command_result = [Ansible.CommandUtil]::RunCommand($executable, $command, $working_directory, $stdin, $environment) return ,@{ executable = $executable stdout = $command_result.StandardOut stderr = $command_result.StandardError rc = $command_result.ExitCode } } # this line must stay at the bottom to ensure all defined module parts are exported Export-ModuleMember -Alias * -Function * -Cmdlet * ScriptBlock ID: d625fad0-ec11-4d52-a4c3-267b68923184 Path:	4104	1		3	2	15	0	1099	Microsoft-Windows-PowerShell	a0c1853b-5c40-4b15-8766-3cf1c58f985a	Microsoft-Windows-PowerShell/Operational	140	3552	n-h1-851359-2	S-1-5-21-2422616133-2950556994-3944890745-1001	8/3/2022 5:14:45 PM	1909dffc-a75a-0004-6735-0a195aa7d801		microsoft-windows-powershell/operational	System.UInt32[]	System.Diagnostics.Eventing.Reader.EventBookmark	Warning	On create calls	Execute a Remote Command	System.Collections.ObjectModel.ReadOnlyCollection`1[System.String]	System.Collections.Generic.List`1[System.Diagnostics.Eventing.Reader.EventProperty]