diff options
| author | bitform <matt@exploit-monday.com> | 2013-01-19 20:46:49 -0500 |
|---|---|---|
| committer | bitform <matt@exploit-monday.com> | 2013-01-19 20:46:49 -0500 |
| commit | 59ff1a8b1eb3a8fba4dd9dee036a6c957f8f41ef (patch) | |
| tree | 42bf56fc4390150461ed1e0e304847d11eda9e9d /PETools/Get-PEArchitecture.ps1 | |
| parent | 3c87916e19a942d3168cbe8cf37d0e380cdd865b (diff) | |
| download | PowerSploit-59ff1a8b1eb3a8fba4dd9dee036a6c957f8f41ef.tar.gz PowerSploit-59ff1a8b1eb3a8fba4dd9dee036a6c957f8f41ef.zip | |
PETools module doc. consistency improvements
* Slight consistency modifications were made to documentation.
* Added module manifest for PETools
Diffstat (limited to 'PETools/Get-PEArchitecture.ps1')
| -rw-r--r-- | PETools/Get-PEArchitecture.ps1 | 54 |
1 files changed, 32 insertions, 22 deletions
diff --git a/PETools/Get-PEArchitecture.ps1 b/PETools/Get-PEArchitecture.ps1 index e53c5ff..6272153 100644 --- a/PETools/Get-PEArchitecture.ps1 +++ b/PETools/Get-PEArchitecture.ps1 @@ -1,35 +1,43 @@ function Get-PEArchitecture {
<#
-.Synopsis
+.SYNOPSIS
- PowerSploit Module - Get-PEArchitecture
- Author: Matthew Graeber (@mattifestation)
- License: BSD 3-Clause
-
-.Description
+PowerSploit Module - Get-PEArchitecture
+Author: Matthew Graeber (@mattifestation)
+License: BSD 3-Clause
+Required Dependencies: None
+Optional Dependencies: None
- Get-PEArchitecture returns the architecture for which
- a Windows portable executable was compiled.
-
-.Parameter Path
+.DESCRIPTION
- Path to the executable.
-
-.Example
+Get-PEArchitecture returns the architecture for which a Windows portable executable was compiled.
+
+.PARAMETER Path
+
+Path to the executable.
- PS> Get-PEArchitecture C:\Windows\SysWOW64\calc.exe
- X86
+.EXAMPLE
+
+C:\PS> Get-PEArchitecture C:\Windows\SysWOW64\calc.exe
+
+X86
-.Example
+.EXAMPLE
- PS> Get-PEArchitecture C:\Windows\System32\cmd.exe
- X64
+C:\PS> Get-PEArchitecture C:\Windows\System32\cmd.exe
+
+X64
-.Link
+.LINK
- My blog: http://www.exploit-monday.com
+http://www.exploit-monday.com
#>
- Param ( [Parameter(Position = 0, Mandatory = $True)] [String] $Path )
+
+ Param (
+ [Parameter(Position = 0, Mandatory = $True)]
+ [String]
+ $Path
+ )
if (!(Test-Path $Path)) {
Write-Warning 'Invalid path or file does not exist.'
@@ -67,7 +75,7 @@ function Get-PEArchitecture { $Architecture = '{0}' -f (( $IMAGE_FILE_MACHINE[-1..-2] | % { $_.ToString('X2') } ) -join '')
$FileStream.Close()
- if (($Architecture -ne '014C') -and ($Architecture -ne '8664')) {
+ if (($Architecture -ne '014C') -and ($Architecture -ne '8664') -and ($Architecture -ne '01C4')) {
Write-Warning 'Invalid PE header or unsupported architecture.'
return
}
@@ -76,6 +84,8 @@ function Get-PEArchitecture { return 'X86'
} elseif ($Architecture -eq '8664') {
return 'X64'
+ } elseif ($Architecture -eq '01C4') {
+ return 'ARM'
} else {
return 'OTHER'
}
|