diff options
| author | Matt Graeber <mattgraeber@gmail.com> | 2013-04-28 22:17:14 -0400 |
|---|---|---|
| committer | Matt Graeber <mattgraeber@gmail.com> | 2013-04-28 22:17:14 -0400 |
| commit | 9d286e511f3256bfbee2e238d0e60c217ed3c151 (patch) | |
| tree | 495fb83b820d480ea8a66458a3075ca6619b597e /PETools/PETools.format.ps1xml | |
| parent | 2224f4dca9d856f37a02a9fe4c1941d27c4e564f (diff) | |
| download | PowerSploit-9d286e511f3256bfbee2e238d0e60c217ed3c151.tar.gz PowerSploit-9d286e511f3256bfbee2e238d0e60c217ed3c151.zip | |
Added ARM support to Get-PEHeader
Also fixed various pointer width bugs
Diffstat (limited to 'PETools/PETools.format.ps1xml')
| -rw-r--r-- | PETools/PETools.format.ps1xml | 746 |
1 files changed, 373 insertions, 373 deletions
diff --git a/PETools/PETools.format.ps1xml b/PETools/PETools.format.ps1xml index bce54bd..17d2c56 100644 --- a/PETools/PETools.format.ps1xml +++ b/PETools/PETools.format.ps1xml @@ -1,374 +1,374 @@ -<?xml version="1.0" encoding="utf-8" ?>
-<Configuration>
- <SelectionSets>
- <SelectionSet>
- <Name>OptionHeaderTypes</Name>
- <Types>
- <TypeName>PE+_IMAGE_OPTIONAL_HEADER32</TypeName>
- <TypeName>PE+_IMAGE_OPTIONAL_HEADER64</TypeName>
- </Types>
- </SelectionSet>
- </SelectionSets>
- <ViewDefinitions>
- <View>
- <Name>PEView</Name>
- <ViewSelectedBy>
- <TypeName>PEHeader</TypeName>
- </ViewSelectedBy>
- <ListControl>
- <ListEntries>
- <ListEntry>
- <ListItems>
- <ListItem>
- <PropertyName>Module</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>DOSHeader</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>FileHeader</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>OptionalHeader</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>SectionHeaders</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>Imports</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>Exports</PropertyName>
- </ListItem>
- </ListItems>
- </ListEntry>
- </ListEntries>
- </ListControl>
- </View>
- <View>
- <Name>OptionalHeaderView</Name>
- <ViewSelectedBy>
- <SelectionSetName>OptionHeaderTypes</SelectionSetName>
- </ViewSelectedBy>
- <ListControl>
- <ListEntries>
- <ListEntry>
- <ListItems>
- <ListItem>
- <PropertyName>Magic</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>MajorLinkerVersion</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>MinorLinkerVersion</PropertyName>
- </ListItem>
- <ListItem>
- <Label>SizeOfCode</Label>
- <ScriptBlock>"0x$($_.SizeOfCode.ToString('X8'))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>SizeOfInitializedData</Label>
- <ScriptBlock>"0x$($_.SizeOfInitializedData.ToString('X8'))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>SizeOfUninitializedData</Label>
- <ScriptBlock>"0x$($_.SizeOfUninitializedData.ToString('X8'))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>AddressOfEntryPoint</Label>
- <ScriptBlock>"0x$($_.AddressOfEntryPoint.ToString('X8'))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>BaseOfCode</Label>
- <ScriptBlock>"0x$($_.BaseOfCode.ToString('X8'))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>BaseOfData</Label>
- <ScriptBlock>"0x$($_.BaseOfData.ToString('X8'))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>ImageBase</Label>
- <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.ImageBase.ToString('X8'))" } else { "0x$($_.ImageBase.ToString('X16'))" }</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>SectionAlignment</Label>
- <ScriptBlock>"0x$($_.SectionAlignment.ToString('X8'))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>FileAlignment</Label>
- <ScriptBlock>"0x$($_.FileAlignment.ToString('X8'))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>MajorOperatingSystemVersion</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>MinorOperatingSystemVersion</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>MajorSubsystemVersion</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>MinorSubsystemVersion</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>Win32VersionValue</PropertyName>
- </ListItem>
- <ListItem>
- <Label>SizeOfImage</Label>
- <ScriptBlock>"0x$($_.SizeOfImage.ToString('X8'))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>SizeOfHeaders</Label>
- <ScriptBlock>"0x$($_.SizeOfHeaders.ToString('X8'))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>CheckSum</Label>
- <ScriptBlock>"0x$($_.CheckSum.ToString('X8'))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>Subsystem</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>DllCharacteristics</PropertyName>
- </ListItem>
- <ListItem>
- <Label>SizeOfStackReserve</Label>
- <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.SizeOfStackReserve.ToString('X8'))" } else { "0x$($_.SizeOfStackReserve.ToString('X16'))" }</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>SizeOfStackCommit</Label>
- <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.SizeOfStackCommit.ToString('X8'))" } else { "0x$($_.SizeOfStackCommit.ToString('X16'))" }</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>SizeOfHeapReserve</Label>
- <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.SizeOfHeapReserve.ToString('X8'))" } else { "0x$($_.SizeOfHeapReserve.ToString('X16'))" }</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>SizeOfHeapCommit</Label>
- <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.SizeOfHeapCommit.ToString('X8'))" } else { "0x$($_.SizeOfHeapCommit.ToString('X16'))" }</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>LoaderFlags</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>NumberOfRvaAndSizes</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>DataDirectory</PropertyName>
- </ListItem>
- </ListItems>
- </ListEntry>
- </ListEntries>
- </ListControl>
- </View>
- <View>
- <Name>SectionHeaderView</Name>
- <ViewSelectedBy>
- <TypeName>PE+_IMAGE_SECTION_HEADER</TypeName>
- </ViewSelectedBy>
- <TableControl>
- <AutoSize/>
- <TableHeaders>
- <TableColumnHeader>
- <Label>Name</Label>
- <Alignment>Right</Alignment>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>VirtualSize</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>VirtualAddress</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>SizeOfRawData</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>PointerToRawData</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>Characteristics</Label>
- <Alignment>Left</Alignment>
- </TableColumnHeader>
- </TableHeaders>
- <TableRowEntries>
- <TableRowEntry>
- <TableColumnItems>
- <TableColumnItem>
- <Alignment>Right</Alignment>
- <PropertyName>Name</PropertyName>
- </TableColumnItem>
- <TableColumnItem>
- <ScriptBlock>"0x$($_.VirtualSize.ToString('X8'))"</ScriptBlock>
- </TableColumnItem>
- <TableColumnItem>
- <ScriptBlock>"0x$($_.VirtualAddress.ToString('X8'))"</ScriptBlock>
- </TableColumnItem>
- <TableColumnItem>
- <ScriptBlock>"0x$($_.SizeOfRawData.ToString('X8'))"</ScriptBlock>
- </TableColumnItem>
- <TableColumnItem>
- <ScriptBlock>"0x$($_.PointerToRawData.ToString('X8'))"</ScriptBlock>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>Characteristics</PropertyName>
- </TableColumnItem>
- </TableColumnItems>
- </TableRowEntry>
- </TableRowEntries>
- </TableControl>
- </View>
- <View>
- <Name>FileHeaderView</Name>
- <ViewSelectedBy>
- <TypeName>PE+_IMAGE_FILE_HEADER</TypeName>
- </ViewSelectedBy>
- <ListControl>
- <ListEntries>
- <ListEntry>
- <ListItems>
- <ListItem>
- <PropertyName>Machine</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>NumberOfSections</PropertyName>
- </ListItem>
- <ListItem>
- <Label>TimeDateStamp</Label>
- <!-- GMT compile time -->
- <ScriptBlock>(New-Object DateTime(1970, 1, 1, 0, 0, 0)).AddSeconds($_.TimeDateStamp)</ScriptBlock>
- <!-- Compile time assuming it was compiled in Redmond, Washington (PST - GMT-8) -->
- <!-- <ScriptBlock>(New-Object DateTime(1969, 12, 31, 16, 0, 0)).AddSeconds($_.TimeDateStamp)</ScriptBlock> -->
- </ListItem>
- <ListItem>
- <PropertyName>PointerToSymbolTable</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>NumberOfSymbols</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>SizeOfOptionalHeader</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>Characteristics</PropertyName>
- </ListItem>
- </ListItems>
- </ListEntry>
- </ListEntries>
- </ListControl>
- </View>
- <View>
- <Name>DataDirectoryView</Name>
- <ViewSelectedBy>
- <TypeName>PE+_IMAGE_DATA_DIRECTORY</TypeName>
- </ViewSelectedBy>
- <TableControl>
- <AutoSize/>
- <TableHeaders>
- <TableColumnHeader>
- <Label>VirtualAddress</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>Size</Label>
- </TableColumnHeader>
- </TableHeaders>
- <TableRowEntries>
- <TableRowEntry>
- <TableColumnItems>
- <TableColumnItem>
- <ScriptBlock>"0x$($_.VirtualAddress.ToString('X8'))"</ScriptBlock>
- </TableColumnItem>
- <TableColumnItem>
- <ScriptBlock>"0x$($_.Size.ToString('X8'))"</ScriptBlock>
- </TableColumnItem>
- </TableColumnItems>
- </TableRowEntry>
- </TableRowEntries>
- </TableControl>
- </View>
- <View>
- <Name>ImportView</Name>
- <ViewSelectedBy>
- <TypeName>Import</TypeName>
- </ViewSelectedBy>
- <TableControl>
- <AutoSize/>
- <TableHeaders>
- <TableColumnHeader>
- <Label>ModuleName</Label>
- <Alignment>Right</Alignment>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>VirtualAddress</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>Ordinal</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>FunctionName</Label>
- </TableColumnHeader>
- </TableHeaders>
- <TableRowEntries>
- <TableRowEntry>
- <TableColumnItems>
- <TableColumnItem>
- <Alignment>Right</Alignment>
- <PropertyName>ModuleName</PropertyName>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>VA</PropertyName>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>Ordinal</PropertyName>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>FunctionName</PropertyName>
- </TableColumnItem>
- </TableColumnItems>
- </TableRowEntry>
- </TableRowEntries>
- </TableControl>
- </View>
- <View>
- <Name>ExportView</Name>
- <ViewSelectedBy>
- <TypeName>Export</TypeName>
- </ViewSelectedBy>
- <TableControl>
- <AutoSize/>
- <TableHeaders>
- <TableColumnHeader>
- <Label>VirtualAddress</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>Ordinal</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>FunctionName</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>ForwardedName</Label>
- </TableColumnHeader>
- </TableHeaders>
- <TableRowEntries>
- <TableRowEntry>
- <TableColumnItems>
- <TableColumnItem>
- <PropertyName>VA</PropertyName>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>Ordinal</PropertyName>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>FunctionName</PropertyName>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>ForwardedName</PropertyName>
- </TableColumnItem>
- </TableColumnItems>
- </TableRowEntry>
- </TableRowEntries>
- </TableControl>
- </View>
- </ViewDefinitions>
+<?xml version="1.0" encoding="utf-8" ?> +<Configuration> + <SelectionSets> + <SelectionSet> + <Name>OptionHeaderTypes</Name> + <Types> + <TypeName>PE+_IMAGE_OPTIONAL_HEADER32</TypeName> + <TypeName>PE+_IMAGE_OPTIONAL_HEADER64</TypeName> + </Types> + </SelectionSet> + </SelectionSets> + <ViewDefinitions> + <View> + <Name>PEView</Name> + <ViewSelectedBy> + <TypeName>PEHeader</TypeName> + </ViewSelectedBy> + <ListControl> + <ListEntries> + <ListEntry> + <ListItems> + <ListItem> + <PropertyName>Module</PropertyName> + </ListItem> + <ListItem> + <PropertyName>DOSHeader</PropertyName> + </ListItem> + <ListItem> + <PropertyName>FileHeader</PropertyName> + </ListItem> + <ListItem> + <PropertyName>OptionalHeader</PropertyName> + </ListItem> + <ListItem> + <PropertyName>SectionHeaders</PropertyName> + </ListItem> + <ListItem> + <PropertyName>Imports</PropertyName> + </ListItem> + <ListItem> + <PropertyName>Exports</PropertyName> + </ListItem> + </ListItems> + </ListEntry> + </ListEntries> + </ListControl> + </View> + <View> + <Name>OptionalHeaderView</Name> + <ViewSelectedBy> + <SelectionSetName>OptionHeaderTypes</SelectionSetName> + </ViewSelectedBy> + <ListControl> + <ListEntries> + <ListEntry> + <ListItems> + <ListItem> + <PropertyName>Magic</PropertyName> + </ListItem> + <ListItem> + <PropertyName>MajorLinkerVersion</PropertyName> + </ListItem> + <ListItem> + <PropertyName>MinorLinkerVersion</PropertyName> + </ListItem> + <ListItem> + <Label>SizeOfCode</Label> + <ScriptBlock>"0x$($_.SizeOfCode.ToString('X8'))"</ScriptBlock> + </ListItem> + <ListItem> + <Label>SizeOfInitializedData</Label> + <ScriptBlock>"0x$($_.SizeOfInitializedData.ToString('X8'))"</ScriptBlock> + </ListItem> + <ListItem> + <Label>SizeOfUninitializedData</Label> + <ScriptBlock>"0x$($_.SizeOfUninitializedData.ToString('X8'))"</ScriptBlock> + </ListItem> + <ListItem> + <Label>AddressOfEntryPoint</Label> + <ScriptBlock>"0x$($_.AddressOfEntryPoint.ToString('X8'))"</ScriptBlock> + </ListItem> + <ListItem> + <Label>BaseOfCode</Label> + <ScriptBlock>"0x$($_.BaseOfCode.ToString('X8'))"</ScriptBlock> + </ListItem> + <ListItem> + <Label>BaseOfData</Label> + <ScriptBlock>"0x$($_.BaseOfData.ToString('X8'))"</ScriptBlock> + </ListItem> + <ListItem> + <Label>ImageBase</Label> + <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.ImageBase.ToString('X8'))" } else { "0x$($_.ImageBase.ToString('X16'))" }</ScriptBlock> + </ListItem> + <ListItem> + <Label>SectionAlignment</Label> + <ScriptBlock>"0x$($_.SectionAlignment.ToString('X8'))"</ScriptBlock> + </ListItem> + <ListItem> + <Label>FileAlignment</Label> + <ScriptBlock>"0x$($_.FileAlignment.ToString('X8'))"</ScriptBlock> + </ListItem> + <ListItem> + <PropertyName>MajorOperatingSystemVersion</PropertyName> + </ListItem> + <ListItem> + <PropertyName>MinorOperatingSystemVersion</PropertyName> + </ListItem> + <ListItem> + <PropertyName>MajorSubsystemVersion</PropertyName> + </ListItem> + <ListItem> + <PropertyName>MinorSubsystemVersion</PropertyName> + </ListItem> + <ListItem> + <PropertyName>Win32VersionValue</PropertyName> + </ListItem> + <ListItem> + <Label>SizeOfImage</Label> + <ScriptBlock>"0x$($_.SizeOfImage.ToString('X8'))"</ScriptBlock> + </ListItem> + <ListItem> + <Label>SizeOfHeaders</Label> + <ScriptBlock>"0x$($_.SizeOfHeaders.ToString('X8'))"</ScriptBlock> + </ListItem> + <ListItem> + <Label>CheckSum</Label> + <ScriptBlock>"0x$($_.CheckSum.ToString('X8'))"</ScriptBlock> + </ListItem> + <ListItem> + <PropertyName>Subsystem</PropertyName> + </ListItem> + <ListItem> + <PropertyName>DllCharacteristics</PropertyName> + </ListItem> + <ListItem> + <Label>SizeOfStackReserve</Label> + <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.SizeOfStackReserve.ToString('X8'))" } else { "0x$($_.SizeOfStackReserve.ToString('X16'))" }</ScriptBlock> + </ListItem> + <ListItem> + <Label>SizeOfStackCommit</Label> + <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.SizeOfStackCommit.ToString('X8'))" } else { "0x$($_.SizeOfStackCommit.ToString('X16'))" }</ScriptBlock> + </ListItem> + <ListItem> + <Label>SizeOfHeapReserve</Label> + <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.SizeOfHeapReserve.ToString('X8'))" } else { "0x$($_.SizeOfHeapReserve.ToString('X16'))" }</ScriptBlock> + </ListItem> + <ListItem> + <Label>SizeOfHeapCommit</Label> + <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.SizeOfHeapCommit.ToString('X8'))" } else { "0x$($_.SizeOfHeapCommit.ToString('X16'))" }</ScriptBlock> + </ListItem> + <ListItem> + <PropertyName>LoaderFlags</PropertyName> + </ListItem> + <ListItem> + <PropertyName>NumberOfRvaAndSizes</PropertyName> + </ListItem> + <ListItem> + <PropertyName>DataDirectory</PropertyName> + </ListItem> + </ListItems> + </ListEntry> + </ListEntries> + </ListControl> + </View> + <View> + <Name>SectionHeaderView</Name> + <ViewSelectedBy> + <TypeName>PE+_IMAGE_SECTION_HEADER</TypeName> + </ViewSelectedBy> + <TableControl> + <AutoSize/> + <TableHeaders> + <TableColumnHeader> + <Label>Name</Label> + <Alignment>Right</Alignment> + </TableColumnHeader> + <TableColumnHeader> + <Label>VirtualSize</Label> + </TableColumnHeader> + <TableColumnHeader> + <Label>VirtualAddress</Label> + </TableColumnHeader> + <TableColumnHeader> + <Label>SizeOfRawData</Label> + </TableColumnHeader> + <TableColumnHeader> + <Label>PointerToRawData</Label> + </TableColumnHeader> + <TableColumnHeader> + <Label>Characteristics</Label> + <Alignment>Left</Alignment> + </TableColumnHeader> + </TableHeaders> + <TableRowEntries> + <TableRowEntry> + <TableColumnItems> + <TableColumnItem> + <Alignment>Right</Alignment> + <PropertyName>Name</PropertyName> + </TableColumnItem> + <TableColumnItem> + <ScriptBlock>"0x$($_.VirtualSize.ToString('X8'))"</ScriptBlock> + </TableColumnItem> + <TableColumnItem> + <ScriptBlock>"0x$($_.VirtualAddress.ToString('X8'))"</ScriptBlock> + </TableColumnItem> + <TableColumnItem> + <ScriptBlock>"0x$($_.SizeOfRawData.ToString('X8'))"</ScriptBlock> + </TableColumnItem> + <TableColumnItem> + <ScriptBlock>"0x$($_.PointerToRawData.ToString('X8'))"</ScriptBlock> + </TableColumnItem> + <TableColumnItem> + <PropertyName>Characteristics</PropertyName> + </TableColumnItem> + </TableColumnItems> + </TableRowEntry> + </TableRowEntries> + </TableControl> + </View> + <View> + <Name>FileHeaderView</Name> + <ViewSelectedBy> + <TypeName>PE+_IMAGE_FILE_HEADER</TypeName> + </ViewSelectedBy> + <ListControl> + <ListEntries> + <ListEntry> + <ListItems> + <ListItem> + <PropertyName>Machine</PropertyName> + </ListItem> + <ListItem> + <PropertyName>NumberOfSections</PropertyName> + </ListItem> + <ListItem> + <Label>TimeDateStamp</Label> + <!-- GMT compile time --> + <ScriptBlock>(New-Object DateTime(1970, 1, 1, 0, 0, 0)).AddSeconds($_.TimeDateStamp)</ScriptBlock> + <!-- Compile time assuming it was compiled in Redmond, Washington (PST - GMT-8) --> + <!-- <ScriptBlock>(New-Object DateTime(1969, 12, 31, 16, 0, 0)).AddSeconds($_.TimeDateStamp)</ScriptBlock> --> + </ListItem> + <ListItem> + <PropertyName>PointerToSymbolTable</PropertyName> + </ListItem> + <ListItem> + <PropertyName>NumberOfSymbols</PropertyName> + </ListItem> + <ListItem> + <PropertyName>SizeOfOptionalHeader</PropertyName> + </ListItem> + <ListItem> + <PropertyName>Characteristics</PropertyName> + </ListItem> + </ListItems> + </ListEntry> + </ListEntries> + </ListControl> + </View> + <View> + <Name>DataDirectoryView</Name> + <ViewSelectedBy> + <TypeName>PE+_IMAGE_DATA_DIRECTORY</TypeName> + </ViewSelectedBy> + <TableControl> + <AutoSize/> + <TableHeaders> + <TableColumnHeader> + <Label>VirtualAddress</Label> + </TableColumnHeader> + <TableColumnHeader> + <Label>Size</Label> + </TableColumnHeader> + </TableHeaders> + <TableRowEntries> + <TableRowEntry> + <TableColumnItems> + <TableColumnItem> + <ScriptBlock>"0x$($_.VirtualAddress.ToString('X8'))"</ScriptBlock> + </TableColumnItem> + <TableColumnItem> + <ScriptBlock>"0x$($_.Size.ToString('X8'))"</ScriptBlock> + </TableColumnItem> + </TableColumnItems> + </TableRowEntry> + </TableRowEntries> + </TableControl> + </View> + <View> + <Name>ImportView</Name> + <ViewSelectedBy> + <TypeName>Import</TypeName> + </ViewSelectedBy> + <TableControl> + <AutoSize/> + <TableHeaders> + <TableColumnHeader> + <Label>ModuleName</Label> + <Alignment>Right</Alignment> + </TableColumnHeader> + <TableColumnHeader> + <Label>VA/FT</Label> + </TableColumnHeader> + <TableColumnHeader> + <Label>Ordinal</Label> + </TableColumnHeader> + <TableColumnHeader> + <Label>FunctionName</Label> + </TableColumnHeader> + </TableHeaders> + <TableRowEntries> + <TableRowEntry> + <TableColumnItems> + <TableColumnItem> + <Alignment>Right</Alignment> + <PropertyName>ModuleName</PropertyName> + </TableColumnItem> + <TableColumnItem> + <PropertyName>RVA</PropertyName> + </TableColumnItem> + <TableColumnItem> + <PropertyName>Ordinal</PropertyName> + </TableColumnItem> + <TableColumnItem> + <PropertyName>FunctionName</PropertyName> + </TableColumnItem> + </TableColumnItems> + </TableRowEntry> + </TableRowEntries> + </TableControl> + </View> + <View> + <Name>ExportView</Name> + <ViewSelectedBy> + <TypeName>Export</TypeName> + </ViewSelectedBy> + <TableControl> + <AutoSize/> + <TableHeaders> + <TableColumnHeader> + <Label>RVA</Label> + </TableColumnHeader> + <TableColumnHeader> + <Label>Ordinal</Label> + </TableColumnHeader> + <TableColumnHeader> + <Label>FunctionName</Label> + </TableColumnHeader> + <TableColumnHeader> + <Label>ForwardedName</Label> + </TableColumnHeader> + </TableHeaders> + <TableRowEntries> + <TableRowEntry> + <TableColumnItems> + <TableColumnItem> + <PropertyName>RVA</PropertyName> + </TableColumnItem> + <TableColumnItem> + <PropertyName>Ordinal</PropertyName> + </TableColumnItem> + <TableColumnItem> + <PropertyName>FunctionName</PropertyName> + </TableColumnItem> + <TableColumnItem> + <PropertyName>ForwardedName</PropertyName> + </TableColumnItem> + </TableColumnItems> + </TableRowEntry> + </TableRowEntries> + </TableControl> + </View> + </ViewDefinitions> </Configuration>
\ No newline at end of file |