A quick note about PSExecutionPolicyPreference

April 6, 2018 in Trivia

Running PowerShell scripts on a system is typically restricted, so the usual ways to bypass the restriction are to:

  • run powershell -ep <policy> and its variants
  • use Set-ExecutionPolicy <policy> after launching powershell.exe

There is also one more option – use an environment variable called PSExecutionPolicyPreference.

See screenshot:
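From the defender's side, the variable is easy to audit. The PowerShell below is an added example, not code from the original post; the function name `Get-PSExecPolicyPreferenceAudit` is hypothetical. It reports where `PSExecutionPolicyPreference` is set (inherited process environment, or persisted per user or per machine) and whether a Group Policy execution policy, which takes precedence over the Process scope, is in place.

```powershell
# Added audit example (not from the original post).
# Function name is hypothetical; all cmdlets and .NET calls are standard.
function Get-PSExecPolicyPreferenceAudit {
    [CmdletBinding()]
    param()

    $name = 'PSExecutionPolicyPreference'

    # 'Process' is whatever this session inherited from its parent.
    # 'User' and 'Machine' are persisted in the registry and reach every new process.
    $findings = foreach ($target in 'Process', 'User', 'Machine') {
        $value = [Environment]::GetEnvironmentVariable($name, $target)
        [pscustomobject]@{
            Target     = $target
            Value      = $value
            IsSet      = -not [string]::IsNullOrEmpty($value)
            Persistent = $target -ne 'Process'
        }
    }

    # MachinePolicy and UserPolicy come from Group Policy and override the
    # Process scope, which is the scope the environment variable feeds.
    $scopes = Get-ExecutionPolicy -List
    $gpo = $scopes | Where-Object {
        ([string]$_.Scope) -in 'MachinePolicy', 'UserPolicy' -and
        ([string]$_.ExecutionPolicy) -ne 'Undefined'
    }

    [pscustomobject]@{
        EnvironmentVariable = $findings
        GroupPolicyEnforced = [bool]$gpo
        EffectivePolicy     = Get-ExecutionPolicy
        AllScopes           = $scopes
    }
}

$audit = Get-PSExecPolicyPreferenceAudit
$audit.EnvironmentVariable | Format-Table -AutoSize
$audit.AllScopes | Format-Table -AutoSize

$persisted = $audit.EnvironmentVariable | Where-Object { $_.IsSet -and $_.Persistent }
if ($persisted -and -not $audit.GroupPolicyEnforced) {
    Write-Warning ("PSExecutionPolicyPreference is persisted ({0}) and no Group Policy execution policy overrides it." -f
        (($persisted | ForEach-Object { "$($_.Target)=$($_.Value)" }) -join ', '))
}
```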

LoadPackagedLibrary – I don’t even know why we should mention it

April 5, 2018 in Trivia

This is yet another API that can be used to load libraries.

What was the need for it?

Hard to say.

As far as I can tell, only one module on Windows 10 imports it today.

Under the hood, it’s just a wrapper for LoadLibraryExW, which in turn relies on LdrLoadDll. Still, if you code sandboxes, you may want to capture it.