author: mattifestation <mattgraeber@gmail.com> 2013-08-29 19:56:01 +0000
committer: mattifestation <mattgraeber@gmail.com> 2013-08-29 19:56:01 +0000
commit: 6807da424fca9e1f4b4946e695486aefb7eae1fa (patch)
tree: 38b769c7bf3c13c2c6fafd8bf907256270c95908 /README.md
parent: fcdd3ad6428b4f1ecfd7f63be629af8cbe3204af (diff)
Added ProcessModuleTrace cmdlets
Added *-ProcessModuleTrace cmdlets to trace details when modules are loaded into a process. These can be useful for malware analysis.
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 12
1 files changed, 12 insertions, 0 deletions
diff --git a/README.md b/README.md
index 6bdda8d..5141808 100644
--- a/README.md
+++ b/README.md
@@ -116,6 +116,18 @@ Converts the bytes of a file to a string that has a 1-to-1 mapping back to the f
Get the unmanaged function address of a .NET method.
+#### `Register-ProcessModuleTrace`
+
+Starts a trace of loaded process modules
+
+#### `Get-ProcessModuleTrace`
+
+Displays the process modules that have been loaded since the call to Register-ProcessModuleTrace
+
+#### `Unregister-ProcessModuleTrace`
+
+Stops the running process module trace
+
## AntivirusBypass
**AV doesn't stand a chance against PowerShell!**
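Review bot: The three added descriptions (Register-, Get- and Unregister-ProcessModuleTrace) omit the trailing period that the neighbouring entry in the context line uses ("Get the unmanaged function address of a .NET method."), and the Get-ProcessModuleTrace text does not say which details of each module load are displayed, although the commit message describes the cmdlets as tracing "details when modules are loaded into a process". Suggest ending each description with a period and naming the reported details in the Get-ProcessModuleTrace entry. The Register-ProcessModuleTrace entry could also state that the trace keeps running until Unregister-ProcessModuleTrace is called, since the README currently leaves that relationship to be inferred from the three names.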