diff options
| author | bitform <matt@exploit-monday.com> | 2013-01-19 18:59:40 -0500 |
|---|---|---|
| committer | bitform <matt@exploit-monday.com> | 2013-01-19 18:59:40 -0500 |
| commit | 3c87916e19a942d3168cbe8cf37d0e380cdd865b (patch) | |
| tree | 3e2d5d44dd2cedac7a1eded3bdde3ed618f53730 /RE_Tools/Get-Strings.ps1 | |
| parent | fcb17a423678dbc5b6acf663df0ebe9d7cfbba17 (diff) | |
| download | PowerSploit-3c87916e19a942d3168cbe8cf37d0e380cdd865b.tar.gz PowerSploit-3c87916e19a942d3168cbe8cf37d0e380cdd865b.zip | |
Renamed RE_Tools. Now ReverseEngineering module
* I renamed RE_Tools to ReverseEngineering and made it a module.
* Slight consistency modifications were made to documentation.
* This is one step in the process of modularizing all of PowerSploit.
Diffstat (limited to 'RE_Tools/Get-Strings.ps1')
| -rw-r--r-- | RE_Tools/Get-Strings.ps1 | 96 |
1 files changed, 0 insertions, 96 deletions
diff --git a/RE_Tools/Get-Strings.ps1 b/RE_Tools/Get-Strings.ps1 deleted file mode 100644 index 37834cd..0000000 --- a/RE_Tools/Get-Strings.ps1 +++ /dev/null @@ -1,96 +0,0 @@ -function Get-Strings
-{
-<#
-.SYNOPSIS
-
-Gets strings from a file.
-
-PowerSploit Module - Inject-Shellcode
-Author: Matthew Graeber (@mattifestation)
-License: BSD 3-Clause
-
-.DESCRIPTION
-
-The Get-Strings cmdlet returns strings (Unicode and/or Ascii) from a file. This cmdlet is useful for dumping strings from binary file and was designed to replicate the functionality of strings.exe from Sysinternals.
-
-.PARAMETER Path
-
-Specifies the path to an item.
-
-.PARAMETER Encoding
-
-Specifies the file encoding. The default value returns both Unicode and Ascii.
-
-.PARAMETER MinimumLength
-
-Specifies the minimum length string to return. The default string length is 3.
-
-.EXAMPLE
-
-C:\PS> Get-Strings C:\Windows\System32\calc.exe
-
-Description
------------
-Dump Unicode and Ascii strings of calc.exe.
-
-.EXAMPLE
-
-C:\PS> Get-ChildItem C:\Windows\System32\*.dll | Get-Strings -MinimumLength 12 -Encoding Ascii
-
-Description
------------
-Dumps Ascii strings of at least length 12 of every dll located in C:\Windows\System32.
-
-.NOTES
-
-This cmdlet was designed to intentionally use only PowerShell cmdlets (no .NET methods) in order to be compatible with PowerShell on Windows RT (or any ConstrainedLanguage runspace).
-
-.LINK
-
-http://www.exploit-monday.com
-#>
-
- Param
- (
- [Parameter(Position = 1, Mandatory = $True, ValueFromPipelineByPropertyName = $True)]
- [ValidateNotNullOrEmpty()]
- [ValidateScript({Test-Path $_ -PathType 'Leaf'})]
- [String[]]
- [Alias('PSPath')]
- $Path,
-
- [ValidateSet('Default','Ascii','Unicode')]
- [String]
- $Encoding = 'Default',
-
- [UInt32]
- $MinimumLength = 3
- )
-
- BEGIN
- {
- $FileContents = ''
- }
- PROCESS
- {
- foreach ($File in $Path)
- {
- if ($Encoding -eq 'Unicode' -or $Encoding -eq 'Default')
- {
- $UnicodeFileContents = Get-Content -Encoding 'Unicode' $File
- $UnicodeRegex = [Regex] "[\u0020-\u007E]{$MinimumLength,}"
- $Results += $UnicodeRegex.Matches($UnicodeFileContents)
- }
-
- if ($Encoding -eq 'Ascii' -or $Encoding -eq 'Default')
- {
- $AsciiFileContents = Get-Content -Encoding 'UTF7' $File
- $AsciiRegex = [Regex] "[\x20-\x7E]{$MinimumLength,}"
- $Results = $AsciiRegex.Matches($AsciiFileContents)
- }
-
- $Results | ForEach-Object { Write-Output $_.Value }
- }
- }
- END {}
-}
\ No newline at end of file |