author | Matt Graeber <mattgraeber@gmail.com> | 2013-08-17 17:39:04 -0400 |
---|---|---|
committer | Matt Graeber <mattgraeber@gmail.com> | 2013-08-17 17:39:04 -0400 |
commit | 7f0be861f23e85e35284125620a4a0c1a52e83e5 (patch) | |
tree | cc715d39d73d997a085a74201bd5d631a5ee0b5d | |
parent | 9bb31fc9b9b3524d4a4b45b8e92bc5fba6da6645 (diff) | |
download | PowerSploit-7f0be861f23e85e35284125620a4a0c1a52e83e5.tar.gz PowerSploit-7f0be861f23e85e35284125620a4a0c1a52e83e5.zip |
Added ps1xml file for Get-ILDisassembly
Output from Get-ILDisassembly is slightly cleaner.
-rw-r--r-- | ReverseEngineering/Get-ILDisassembly.format.ps1xml | 40 | ||||
-rw-r--r-- | ReverseEngineering/Get-ILDisassembly.ps1 | 5 | ||||
-rw-r--r-- | ReverseEngineering/ReverseEngineering.psd1 | 4 |
3 files changed, 46 insertions, 3 deletions
diff --git a/ReverseEngineering/Get-ILDisassembly.format.ps1xml b/ReverseEngineering/Get-ILDisassembly.format.ps1xml
new file mode 100644
index 0000000..f933e1e
--- /dev/null
+++ b/ReverseEngineering/Get-ILDisassembly.format.ps1xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<Configuration>
+ <ViewDefinitions>
+ <View>
+ <Name>ILInstructionView</Name>
+ <ViewSelectedBy>
+ <TypeName>IL_INSTRUCTION</TypeName>
+ </ViewSelectedBy>
+ <TableControl>
+ <AutoSize/>
+ <TableHeaders>
+ <TableColumnHeader>
+ <Label>Position</Label>
+ </TableColumnHeader>
+ <TableColumnHeader>
+ <Label>Instruction</Label>
+ </TableColumnHeader>
+ <TableColumnHeader>
+ <Label>Operand</Label>
+ </TableColumnHeader>
+ </TableHeaders>
+ <TableRowEntries>
+ <TableRowEntry>
+ <TableColumnItems>
+ <TableColumnItem>
+ <PropertyName>Position</PropertyName>
+ </TableColumnItem>
+ <TableColumnItem>
+ <PropertyName>Instruction</PropertyName>
+ </TableColumnItem>
+ <TableColumnItem>
+ <PropertyName>Operand</PropertyName>
+ </TableColumnItem>
+ </TableColumnItems>
+ </TableRowEntry>
+ </TableRowEntries>
+ </TableControl>
+ </View>
+ </ViewDefinitions>
+</Configuration>
\ No newline at end of file
diff --git a/ReverseEngineering/Get-ILDisassembly.ps1 b/ReverseEngineering/Get-ILDisassembly.ps1
index b3b615e..645dc39 100644
--- a/ReverseEngineering/Get-ILDisassembly.ps1
+++ b/ReverseEngineering/Get-ILDisassembly.ps1
@@ -201,8 +201,11 @@ http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-335.pdf
}
# Return a custom object containing a position, instruction, and fully-qualified operand
- New-Object PSObject -Property $Instruction
+ $InstructionObject = New-Object PSObject -Property $Instruction
+ $InstructionObject.PSObject.TypeNames.Insert(0, 'IL_INSTRUCTION')
+ $InstructionObject
+
# Adjust the position in the opcode array accordingly
$Position += $OperandLength
}
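Review bot: The string `'IL_INSTRUCTION'` passed to `TypeNames.Insert(0, ...)` has to match the `<TypeName>` in Get-ILDisassembly.format.ps1xml exactly, and nothing on the new lines says so; if either side is renamed, the view silently stops applying and the output falls back to default formatting. I would add a comment above the insert, `# Must match <TypeName> in Get-ILDisassembly.format.ps1xml`. The name is also unqualified, so a view registered for the same string by another module loaded in the session could compete with this one; a module-prefixed type name, changed in both files together, would avoid that. The view is only registered through the manifest's FormatsToProcess, so the tag presumably has no effect when the script is dot-sourced on its own, which is worth stating in the function's help. The enclosing loop and function begin and end outside this hunk.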
diff --git a/ReverseEngineering/ReverseEngineering.psd1 b/ReverseEngineering/ReverseEngineering.psd1
index 1e179ea..0f643b7 100644
--- a/ReverseEngineering/ReverseEngineering.psd1
+++ b/ReverseEngineering/ReverseEngineering.psd1
@@ -52,7 +52,7 @@ PowerShellVersion = '2.0'
# TypesToProcess = @()
# Format files (.ps1xml) to be loaded when importing this module
-FormatsToProcess = 'Get-PEB.format.ps1xml', 'Get-NtSystemInformation.format.ps1xml'
+FormatsToProcess = 'Get-PEB.format.ps1xml', 'Get-NtSystemInformation.format.ps1xml', 'Get-ILDisassembly.format.ps1xml'
# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
# NestedModules = @()
@@ -76,7 +76,7 @@ ModuleList = @(@{ModuleName = 'ReverseEngineering'; ModuleVersion = '1.0.0.0'; G
FileList = 'ReverseEngineering.psm1', 'ReverseEngineering.psd1', 'Get-ILDisassembly.ps1', 'Get-NtSystemInformation.format.ps1xml',
'Get-NtSystemInformation.ps1', 'Get-Member.ps1', 'Get-MethodAddress.ps1', 'Get-PEB.format.ps1xml',
'Get-PEB.ps1', 'Get-Strings.ps1', 'Get-StructFromMemory.ps1', 'ConvertTo-String.ps1',
- 'New-Object.ps1', 'Usage.md'
+ 'New-Object.ps1', 'Get-ILDisassembly.format.ps1xml', 'Usage.md'
# Private data to pass to the module specified in RootModule/ModuleToProcess
# PrivateData = ''