author | Matt Graeber <mattgraeber@gmail.com> | 2013-05-24 21:16:43 -0400 |
---|---|---|
committer | Matt Graeber <mattgraeber@gmail.com> | 2013-05-24 21:16:43 -0400 |
commit | 91bd44f0f08259c541088c278467ed9b597985e3 (patch) | |
tree | b914bec1d86f444aadbfe08088e26d0f6253db92 /ReverseEngineering/Get-PEB.format.ps1xml | |
parent | 218f0cb24b382f16f0883a72a6b759579c62755c (diff) | |
download | PowerSploit-91bd44f0f08259c541088c278467ed9b597985e3.tar.gz PowerSploit-91bd44f0f08259c541088c278467ed9b597985e3.zip |
Get-PEB now parses _RTL_USER_PROCESS_PARAMETERS
Diffstat (limited to 'ReverseEngineering/Get-PEB.format.ps1xml')
-rw-r--r-- | ReverseEngineering/Get-PEB.format.ps1xml | 114 |
1 files changed, 114 insertions, 0 deletions
diff --git a/ReverseEngineering/Get-PEB.format.ps1xml b/ReverseEngineering/Get-PEB.format.ps1xml
index 9c25dc1..88eee6a 100644
--- a/ReverseEngineering/Get-PEB.format.ps1xml
+++ b/ReverseEngineering/Get-PEB.format.ps1xml
@@ -1095,5 +1095,119 @@ </ListEntries>
</ListControl>
</View>
+ <View>
+ <Name>ProcessParameters</Name>
+ <ViewSelectedBy>
+ <TypeName>PEB.ProcessParameters</TypeName>
+ </ViewSelectedBy>
+ <ListControl>
+ <ListEntries>
+ <ListEntry>
+ <ListItems>
+ <ListItem>
+ <PropertyName>MaximumLength</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </ListItem>
+ <ListItem>
+ <PropertyName>Length</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </ListItem>
+ <ListItem>
+ <PropertyName>Flags</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </ListItem>
+ <ListItem>
+ <PropertyName>DebugFlags</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </ListItem>
+ <ListItem>
+ <Label>ConsoleHandle</Label>
+ <ScriptBlock>"0x$($_.ConsoleHandle.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
+ </ListItem>
+ <ListItem>
+ <PropertyName>ConsoleFlags</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </ListItem>
+ <ListItem>
+ <Label>StandardInput</Label>
+ <ScriptBlock>"0x$($_.StandardInput.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
+ </ListItem>
+ <ListItem>
+ <Label>StandardOutput</Label>
+ <ScriptBlock>"0x$($_.StandardOutput.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
+ </ListItem>
+ <ListItem>
+ <Label>StandardError</Label>
+ <ScriptBlock>"0x$($_.StandardError.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
+ </ListItem>
+ <ListItem>
+ <PropertyName>CurrentDirectory</PropertyName>
+ </ListItem>
+ <ListItem>
+ <PropertyName>DllPath</PropertyName>
+ </ListItem>
+ <ListItem>
+ <PropertyName>ImagePathName</PropertyName>
+ </ListItem>
+ <ListItem>
+ <PropertyName>CommandLine</PropertyName>
+ </ListItem>
+ <ListItem>
+ <Label>Environment</Label>
+ <ScriptBlock>"0x$($_.Environment.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
+ </ListItem>
+ <ListItem>
+ <PropertyName>StartingX</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </ListItem>
+ <ListItem>
+ <PropertyName>StartingY</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </ListItem>
+ <ListItem>
+ <PropertyName>CountX</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </ListItem>
+ <ListItem>
+ <PropertyName>CountY</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </ListItem>
+ <ListItem>
+ <PropertyName>CountCharsX</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </ListItem>
+ <ListItem>
+ <PropertyName>CountCharsY</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </ListItem>
+ <ListItem>
+ <PropertyName>FillAttribute</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </ListItem>
+ <ListItem>
+ <PropertyName>WindowFlags</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </ListItem>
+ <ListItem>
+ <PropertyName>ShowWindowFlags</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </ListItem>
+ <ListItem>
+ <PropertyName>WindowTitle</PropertyName>
+ </ListItem>
+ <ListItem>
+ <PropertyName>DesktopInfo</PropertyName>
+ </ListItem>
+ <ListItem>
+ <PropertyName>ShellInfo</PropertyName>
+ </ListItem>
+ <ListItem>
+ <PropertyName>RuntimeData</PropertyName>
+ </ListItem>
+ </ListItems>
+ </ListEntry>
+ </ListEntries>
+ </ListControl>
+ </View>
</ViewDefinitions>
</Configuration>
\ No newline at end of file |
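Review bot: The pointer-width ScriptBlocks for ConsoleHandle, StandardInput, StandardOutput, StandardError and Environment derive the hex digit count from `[IntPtr]::Size`, which is the bitness of the PowerShell host rather than of the process whose PEB was read, so if Get-PEB can inspect a process of the other bitness these values will render at the wrong width. A width carried on the PEB.ProcessParameters object (e.g. a pointer-size property set by Get-PEB.ps1) would let the view format them correctly; I cannot tell from this hunk whether such a property exists. MaximumLength and Length are 16-bit in the native _RTL_USER_PROCESS_PARAMETERS, so `<FormatString>0x{0:X4}</FormatString>` would match their actual width, assuming the script surfaces them as 16-bit values. A short XML comment above the view, such as `<!-- Values are read from the target's live PEB; CommandLine, ImagePathName and CurrentDirectory are writable by the process and should be corroborated with other evidence -->`, would help analysts interpret the output.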