diff options
| author | mattifestation <mattgraeber@gmail.com> | 2014-11-16 10:26:11 -0500 |
|---|---|---|
| committer | mattifestation <mattgraeber@gmail.com> | 2014-11-16 10:26:11 -0500 |
| commit | 956e4c968a1795d868e35fcb72311704d616cbaf (patch) | |
| tree | ca962602b87d3a7c89b6d864f6e17c541eb3cce2 /ReverseEngineering/Get-PEB.format.ps1xml | |
| parent | 97034006f63f2691cde8ddb1055b1253c6f93cce (diff) | |
| download | PowerSploit-956e4c968a1795d868e35fcb72311704d616cbaf.tar.gz PowerSploit-956e4c968a1795d868e35fcb72311704d616cbaf.zip | |
Moving all RE functionality to PowerShellArsenal
https://github.com/mattifestation/PowerShellArsenal
PowerSploit will now stay true to its roots of being a purely offensive
PowerShell module.
Diffstat (limited to 'ReverseEngineering/Get-PEB.format.ps1xml')
| -rw-r--r-- | ReverseEngineering/Get-PEB.format.ps1xml | 1210 |
1 files changed, 0 insertions, 1210 deletions
diff --git a/ReverseEngineering/Get-PEB.format.ps1xml b/ReverseEngineering/Get-PEB.format.ps1xml deleted file mode 100644 index 59b5362..0000000 --- a/ReverseEngineering/Get-PEB.format.ps1xml +++ /dev/null @@ -1,1210 +0,0 @@ -<?xml version="1.0" encoding="utf-8" ?>
-<Configuration>
- <DefaultSettings>
- <EnumerableExpansions>
- <EnumerableExpansion>
- <Expand>Both</Expand>
- </EnumerableExpansion>
- </EnumerableExpansions>
- </DefaultSettings>
- <ViewDefinitions>
- <View>
- <Name>ProcessEnvironmentBlock_VistaView</Name>
- <ViewSelectedBy>
- <TypeName>PEB.Vista</TypeName>
- </ViewSelectedBy>
- <ListControl>
- <ListEntries>
- <ListEntry>
- <ListItems>
- <ListItem>
- <PropertyName>ProcessName</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ProcessId</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>InheritedAddressSpace</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ReadImageFileExecOptions</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>BeingDebugged</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ImageUsesLargePages</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>IsProtectedProcess</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>IsLegacyProcess</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>IsImageDynamicallyRelocated</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>SkipPatchingUser32Forwarders</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>IsPackagedProcess</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>IsAppContainer</PropertyName>
- </ListItem>
- <ListItem>
- <Label>Mutant</Label>
- <ScriptBlock>"0x$($_.Mutant.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>ImageBaseAddress</Label>
- <ScriptBlock>"0x$($_.ImageBaseAddress.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>Ldr</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>InLoadOrderModuleList</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>InMemoryOrderModuleList</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>InInitializationOrderModuleList</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ProcessParameters</PropertyName>
- </ListItem>
- <ListItem>
- <Label>SubSystemData</Label>
- <ScriptBlock>"0x$($_.SubSystemData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>ProcessHeap</Label>
- <ScriptBlock>"0x$($_.ProcessHeap.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>FastPebLock</Label>
- <ScriptBlock>"0x$($_.FastPebLock.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>AtlThunkSListPtr</Label>
- <ScriptBlock>"0x$($_.AtlThunkSListPtr.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>IFEOKey</Label>
- <ScriptBlock>"0x$($_.IFEOKey.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>ProcessInJob</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ProcessInitializing</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ProcessUsingVEH</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ProcessUsingVCH</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ProcessUsingFTH</PropertyName>
- </ListItem>
- <ListItem>
- <Label>KernelCallbackTable</Label>
- <ScriptBlock>"0x$($_.KernelCallbackTable.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>SystemReserved</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>AtlThunkSListPtr32</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <Label>ApiSetMap</Label>
- <ScriptBlock>"0x$($_.ApiSetMap.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>TlsExpansionCounter</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <Label>TlsBitmap</Label>
- <ScriptBlock>"0x$($_.TlsBitmap.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>TlsBitmapBits</Label>
- <ScriptBlock>($_.TlsBitmapBits | % { "0x$($_.ToString('X8'))" }) -join ','</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>ReadOnlySharedMemoryBase</Label>
- <ScriptBlock>"0x$($_.ReadOnlySharedMemoryBase.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>HotpatchInformation</Label>
- <ScriptBlock>"0x$($_.HotpatchInformation.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>ReadOnlyStaticServerData</Label>
- <ScriptBlock>"0x$($_.ReadOnlyStaticServerData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>AnsiCodePageData</Label>
- <ScriptBlock>"0x$($_.AnsiCodePageData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>OemCodePageData</Label>
- <ScriptBlock>"0x$($_.OemCodePageData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>UnicodeCaseTableData</Label>
- <ScriptBlock>"0x$($_.UnicodeCaseTableData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>NumberOfProcessors</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>NtGlobalFlag</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>CriticalSectionTimeout</PropertyName>
- <FormatString>0x{0:X16}</FormatString>
- </ListItem>
- <ListItem>
- <Label>HeapSegmentReserve</Label>
- <ScriptBlock>"0x$($_.HeapSegmentReserve.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>HeapSegmentCommit</Label>
- <ScriptBlock>"0x$($_.HeapSegmentCommit.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>HeapDeCommitTotalFreeThreshold</Label>
- <ScriptBlock>"0x$($_.HeapDeCommitTotalFreeThreshold.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>HeapDeCommitFreeBlockThreshold</Label>
- <ScriptBlock>"0x$($_.HeapDeCommitFreeBlockThreshold.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>NumberOfHeaps</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>MaximumNumberOfHeaps</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <Label>ProcessHeaps</Label>
- <ScriptBlock>"0x$($_.ProcessHeaps.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>GdiSharedHandleTable</Label>
- <ScriptBlock>"0x$($_.GdiSharedHandleTable.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>ProcessStarterHelper</Label>
- <ScriptBlock>"0x$($_.ProcessStarterHelper.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>GdiDCAttributeList</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <Label>LoaderLock</Label>
- <ScriptBlock>"0x$($_.LoaderLock.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>OSMajorVersion</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>OSMinorVersion</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>OSBuildNumber</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>OSCSDVersion</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>OSPlatformId</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ImageSubsystem</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ImageSubsystemMajorVersion</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ImageSubsystemMinorVersion</PropertyName>
- </ListItem>
- <ListItem>
- <Label>ActiveProcessAffinityMask</Label>
- <ScriptBlock>"0x$($_.ActiveProcessAffinityMask.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>GdiHandleBuffer</Label>
- <ScriptBlock>($_.GdiHandleBuffer | % { "0x$($_.ToString('X8'))" }) -join ','</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>PostProcessInitRoutine</Label>
- <ScriptBlock>"0x$($_.PostProcessInitRoutine.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>TlsExpansionBitmap</Label>
- <ScriptBlock>"0x$($_.TlsExpansionBitmap.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>TlsExpansionBitmapBits</Label>
- <ScriptBlock>($_.TlsExpansionBitmapBits | % { "0x$($_.ToString('X8'))" }) -join ','</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>SessionId</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>AppCompatFlags</PropertyName>
- <FormatString>0x{0:X16}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>AppCompatFlagsUser</PropertyName>
- <FormatString>0x{0:X16}</FormatString>
- </ListItem>
- <ListItem>
- <Label>pShimData</Label>
- <ScriptBlock>"0x$($_.pShimData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>AppCompatInfo</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>CSDVersion</PropertyName>
- </ListItem>
- <ListItem>
- <Label>ActivationContextData</Label>
- <ScriptBlock>"0x$($_.ActivationContextData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>ProcessAssemblyStorageMap</Label>
- <ScriptBlock>"0x$($_.ProcessAssemblyStorageMap.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>SystemDefaultActivationContextData</Label>
- <ScriptBlock>"0x$($_.SystemDefaultActivationContextData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>SystemAssemblyStorageMap</Label>
- <ScriptBlock>"0x$($_.SystemAssemblyStorageMap.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>MinimumStackCommit</Label>
- <ScriptBlock>"0x$($_.MinimumStackCommit.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>FlsCallback</Label>
- <ScriptBlock>"0x$($_.FlsCallback.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>FlsListHead</PropertyName>
- </ListItem>
- <ListItem>
- <Label>FlsBitmap</Label>
- <ScriptBlock>"0x$($_.FlsBitmap.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>FlsBitmapBits</Label>
- <ScriptBlock>($_.FlsBitmapBits | % { "0x$($_.ToString('X8'))" }) -join ','</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>FlsHighIndex</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <Label>WerRegistrationData</Label>
- <ScriptBlock>"0x$($_.WerRegistrationData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>WerShipAssertPtr</Label>
- <ScriptBlock>"0x$($_.WerShipAssertPtr.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>pUnused</Label>
- <ScriptBlock>"0x$($_.pUnused.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>pImageHeaderHash</Label>
- <ScriptBlock>"0x$($_.pImageHeaderHash.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>HeapTracingEnabled</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>CritSecTracingEnabled</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>LibLoaderTracingEnabled</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>CsrServerReadOnlySharedMemoryBase</PropertyName>
- <FormatString>0x{0:X16}</FormatString>
- </ListItem>
- </ListItems>
- </ListEntry>
- </ListEntries>
- </ListControl>
- </View>
- <View>
- <Name>ProcessEnvironmentBlock_Server2003View</Name>
- <ViewSelectedBy>
- <TypeName>PEB.Server2003</TypeName>
- </ViewSelectedBy>
- <ListControl>
- <ListEntries>
- <ListEntry>
- <ListItems>
- <ListItem>
- <PropertyName>ProcessName</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ProcessId</PropertyName>
- </ListItem>
- <ListItem>
- <Label>InheritedAddressSpace</Label>
- <ScriptBlock>if($_.InheritedAddressSpace -eq 0){$False}else{$True}</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>ReadImageFileExecOptions</Label>
- <ScriptBlock>if($_.ReadImageFileExecOptions -eq 0){$False}else{$True}</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>BeingDebugged</Label>
- <ScriptBlock>if($_.BeingDebugged -eq 0){$False}else{$True}</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>ImageUsesLargePages</PropertyName>
- </ListItem>
- <ListItem>
- <Label>Mutant</Label>
- <ScriptBlock>"0x$($_.Mutant.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>ImageBaseAddress</Label>
- <ScriptBlock>"0x$($_.ImageBaseAddress.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>Ldr</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>InLoadOrderModuleList</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>InMemoryOrderModuleList</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>InInitializationOrderModuleList</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ProcessParameters</PropertyName>
- </ListItem>
- <ListItem>
- <Label>SubSystemData</Label>
- <ScriptBlock>"0x$($_.SubSystemData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>ProcessHeap</Label>
- <ScriptBlock>"0x$($_.ProcessHeap.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>FastPebLock</Label>
- <ScriptBlock>"0x$($_.FastPebLock.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>AtlThunkSListPtr</Label>
- <ScriptBlock>"0x$($_.AtlThunkSListPtr.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>SparePtr2</Label>
- <ScriptBlock>"0x$($_.SparePtr2.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>EnvironmentUpdateCount</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <Label>KernelCallbackTable</Label>
- <ScriptBlock>"0x$($_.KernelCallbackTable.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>SystemReserved</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>AtlThunkSListPtr32</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <Label>ApiSetMap</Label>
- <ScriptBlock>"0x$($_.ApiSetMap.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>TlsExpansionCounter</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <Label>TlsBitmap</Label>
- <ScriptBlock>"0x$($_.TlsBitmap.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>TlsBitmapBits</Label>
- <ScriptBlock>($_.TlsBitmapBits | % { "0x$($_.ToString('X8'))" }) -join ','</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>ReadOnlySharedMemoryBase</Label>
- <ScriptBlock>"0x$($_.ReadOnlySharedMemoryBase.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>ReadOnlySharedMemoryHeap</Label>
- <ScriptBlock>"0x$($_.ReadOnlySharedMemoryHeap.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>ReadOnlyStaticServerData</Label>
- <ScriptBlock>"0x$($_.ReadOnlyStaticServerData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>AnsiCodePageData</Label>
- <ScriptBlock>"0x$($_.AnsiCodePageData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>OemCodePageData</Label>
- <ScriptBlock>"0x$($_.OemCodePageData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>UnicodeCaseTableData</Label>
- <ScriptBlock>"0x$($_.UnicodeCaseTableData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>NumberOfProcessors</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>NtGlobalFlag</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>CriticalSectionTimeout</PropertyName>
- <FormatString>0x{0:X16}</FormatString>
- </ListItem>
- <ListItem>
- <Label>HeapSegmentReserve</Label>
- <ScriptBlock>"0x$($_.HeapSegmentReserve.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>HeapSegmentCommit</Label>
- <ScriptBlock>"0x$($_.HeapSegmentCommit.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>HeapDeCommitTotalFreeThreshold</Label>
- <ScriptBlock>"0x$($_.HeapDeCommitTotalFreeThreshold.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>HeapDeCommitFreeBlockThreshold</Label>
- <ScriptBlock>"0x$($_.HeapDeCommitFreeBlockThreshold.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>NumberOfHeaps</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>MaximumNumberOfHeaps</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <Label>ProcessHeaps</Label>
- <ScriptBlock>"0x$($_.ProcessHeaps.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>GdiSharedHandleTable</Label>
- <ScriptBlock>"0x$($_.GdiSharedHandleTable.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>ProcessStarterHelper</Label>
- <ScriptBlock>"0x$($_.ProcessStarterHelper.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>GdiDCAttributeList</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <Label>LoaderLock</Label>
- <ScriptBlock>"0x$($_.LoaderLock.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>OSMajorVersion</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>OSMinorVersion</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>OSBuildNumber</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>OSCSDVersion</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>OSPlatformId</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ImageSubsystem</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ImageSubsystemMajorVersion</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ImageSubsystemMinorVersion</PropertyName>
- </ListItem>
- <ListItem>
- <Label>ActiveProcessAffinityMask</Label>
- <ScriptBlock>"0x$($_.ActiveProcessAffinityMask.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>GdiHandleBuffer</Label>
- <ScriptBlock>($_.GdiHandleBuffer | % { "0x$($_.ToString('X8'))" }) -join ','</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>PostProcessInitRoutine</Label>
- <ScriptBlock>"0x$($_.PostProcessInitRoutine.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>TlsExpansionBitmap</Label>
- <ScriptBlock>"0x$($_.TlsExpansionBitmap.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>TlsExpansionBitmapBits</Label>
- <ScriptBlock>($_.TlsExpansionBitmapBits | % { "0x$($_.ToString('X8'))" }) -join ','</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>SessionId</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>AppCompatFlags</PropertyName>
- <FormatString>0x{0:X16}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>AppCompatFlagsUser</PropertyName>
- <FormatString>0x{0:X16}</FormatString>
- </ListItem>
- <ListItem>
- <Label>pShimData</Label>
- <ScriptBlock>"0x$($_.pShimData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>AppCompatInfo</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>CSDVersion</PropertyName>
- </ListItem>
- <ListItem>
- <Label>ActivationContextData</Label>
- <ScriptBlock>"0x$($_.ActivationContextData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>ProcessAssemblyStorageMap</Label>
- <ScriptBlock>"0x$($_.ProcessAssemblyStorageMap.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>SystemDefaultActivationContextData</Label>
- <ScriptBlock>"0x$($_.SystemDefaultActivationContextData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>SystemAssemblyStorageMap</Label>
- <ScriptBlock>"0x$($_.SystemAssemblyStorageMap.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>MinimumStackCommit</Label>
- <ScriptBlock>"0x$($_.MinimumStackCommit.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>FlsCallback</Label>
- <ScriptBlock>"0x$($_.FlsCallback.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>FlsListHead</PropertyName>
- </ListItem>
- <ListItem>
- <Label>FlsBitmap</Label>
- <ScriptBlock>"0x$($_.FlsBitmap.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>FlsBitmapBits</Label>
- <ScriptBlock>($_.FlsBitmapBits | % { "0x$($_.ToString('X8'))" }) -join ','</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>FlsHighIndex</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- </ListItems>
- </ListEntry>
- </ListEntries>
- </ListControl>
- </View>
- <View>
- <Name>ProcessEnvironmentBlock_XPView</Name>
- <ViewSelectedBy>
- <TypeName>PEB.XP</TypeName>
- </ViewSelectedBy>
- <ListControl>
- <ListEntries>
- <ListEntry>
- <ListItems>
- <ListItem>
- <PropertyName>ProcessName</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ProcessId</PropertyName>
- </ListItem>
- <ListItem>
- <Label>InheritedAddressSpace</Label>
- <ScriptBlock>if($_.InheritedAddressSpace -eq 0){$False}else{$True}</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>ReadImageFileExecOptions</Label>
- <ScriptBlock>if($_.ReadImageFileExecOptions -eq 0){$False}else{$True}</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>BeingDebugged</Label>
- <ScriptBlock>if($_.BeingDebugged -eq 0){$False}else{$True}</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>Mutant</Label>
- <ScriptBlock>"0x$($_.Mutant.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>ImageBaseAddress</Label>
- <ScriptBlock>"0x$($_.ImageBaseAddress.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>Ldr</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>InLoadOrderModuleList</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>InMemoryOrderModuleList</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>InInitializationOrderModuleList</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ProcessParameters</PropertyName>
- </ListItem>
- <ListItem>
- <Label>SubSystemData</Label>
- <ScriptBlock>"0x$($_.SubSystemData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>ProcessHeap</Label>
- <ScriptBlock>"0x$($_.ProcessHeap.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>FastPebLock</Label>
- <ScriptBlock>"0x$($_.FastPebLock.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>FastPebLockRoutine</Label>
- <ScriptBlock>"0x$($_.FastPebLockRoutine.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>FastPebUnlockRoutine</Label>
- <ScriptBlock>"0x$($_.FastPebUnlockRoutine.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>EnvironmentUpdateCount</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <Label>KernelCallbackTable</Label>
- <ScriptBlock>"0x$($_.KernelCallbackTable.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>SystemReserved</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>AtlThunkSListPtr32</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <Label>ApiSetMap</Label>
- <ScriptBlock>"0x$($_.ApiSetMap.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>TlsExpansionCounter</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <Label>TlsBitmap</Label>
- <ScriptBlock>"0x$($_.TlsBitmap.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>TlsBitmapBits</Label>
- <ScriptBlock>($_.TlsBitmapBits | % { "0x$($_.ToString('X8'))" }) -join ','</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>ReadOnlySharedMemoryBase</Label>
- <ScriptBlock>"0x$($_.ReadOnlySharedMemoryBase.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>ReadOnlySharedMemoryHeap</Label>
- <ScriptBlock>"0x$($_.ReadOnlySharedMemoryHeap.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>ReadOnlyStaticServerData</Label>
- <ScriptBlock>"0x$($_.ReadOnlyStaticServerData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>AnsiCodePageData</Label>
- <ScriptBlock>"0x$($_.AnsiCodePageData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>OemCodePageData</Label>
- <ScriptBlock>"0x$($_.OemCodePageData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>UnicodeCaseTableData</Label>
- <ScriptBlock>"0x$($_.UnicodeCaseTableData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>NumberOfProcessors</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>NtGlobalFlag</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>CriticalSectionTimeout</PropertyName>
- <FormatString>0x{0:X16}</FormatString>
- </ListItem>
- <ListItem>
- <Label>HeapSegmentReserve</Label>
- <ScriptBlock>"0x$($_.HeapSegmentReserve.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>HeapSegmentCommit</Label>
- <ScriptBlock>"0x$($_.HeapSegmentCommit.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>HeapDeCommitTotalFreeThreshold</Label>
- <ScriptBlock>"0x$($_.HeapDeCommitTotalFreeThreshold.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>HeapDeCommitFreeBlockThreshold</Label>
- <ScriptBlock>"0x$($_.HeapDeCommitFreeBlockThreshold.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>NumberOfHeaps</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>MaximumNumberOfHeaps</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <Label>ProcessHeaps</Label>
- <ScriptBlock>"0x$($_.ProcessHeaps.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>GdiSharedHandleTable</Label>
- <ScriptBlock>"0x$($_.GdiSharedHandleTable.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>ProcessStarterHelper</Label>
- <ScriptBlock>"0x$($_.ProcessStarterHelper.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>GdiDCAttributeList</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <Label>LoaderLock</Label>
- <ScriptBlock>"0x$($_.LoaderLock.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>OSMajorVersion</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>OSMinorVersion</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>OSBuildNumber</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>OSCSDVersion</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>OSPlatformId</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ImageSubsystem</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ImageSubsystemMajorVersion</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ImageSubsystemMinorVersion</PropertyName>
- </ListItem>
- <ListItem>
- <Label>ActiveProcessAffinityMask</Label>
- <ScriptBlock>"0x$($_.ActiveProcessAffinityMask.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>GdiHandleBuffer</Label>
- <ScriptBlock>($_.GdiHandleBuffer | % { "0x$($_.ToString('X8'))" }) -join ','</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>PostProcessInitRoutine</Label>
- <ScriptBlock>"0x$($_.PostProcessInitRoutine.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>TlsExpansionBitmap</Label>
- <ScriptBlock>"0x$($_.TlsExpansionBitmap.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>TlsExpansionBitmapBits</Label>
- <ScriptBlock>($_.TlsExpansionBitmapBits | % { "0x$($_.ToString('X8'))" }) -join ','</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>SessionId</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>AppCompatFlags</PropertyName>
- <FormatString>0x{0:X16}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>AppCompatFlagsUser</PropertyName>
- <FormatString>0x{0:X16}</FormatString>
- </ListItem>
- <ListItem>
- <Label>pShimData</Label>
- <ScriptBlock>"0x$($_.pShimData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>AppCompatInfo</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>CSDVersion</PropertyName>
- </ListItem>
- <ListItem>
- <Label>ActivationContextData</Label>
- <ScriptBlock>"0x$($_.ActivationContextData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>ProcessAssemblyStorageMap</Label>
- <ScriptBlock>"0x$($_.ProcessAssemblyStorageMap.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>SystemDefaultActivationContextData</Label>
- <ScriptBlock>"0x$($_.SystemDefaultActivationContextData.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>SystemAssemblyStorageMap</Label>
- <ScriptBlock>"0x$($_.SystemAssemblyStorageMap.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>MinimumStackCommit</Label>
- <ScriptBlock>"0x$($_.MinimumStackCommit.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- </ListItems>
- </ListEntry>
- </ListEntries>
- </ListControl>
- </View>
- <View>
- <Name>ProcessEnvironmentBlock_ModuleEntryView</Name>
- <ViewSelectedBy>
- <TypeName>PEB.ModuleEntry</TypeName>
- </ViewSelectedBy>
- <ListControl>
- <ListEntries>
- <ListEntry>
- <ListItems>
- <ListItem>
- <PropertyName>InLoadOrderModuleList</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>InMemoryOrderModuleList</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>InInitializationOrderModuleList</PropertyName>
- </ListItem>
- <ListItem>
- <Label>BaseAddress</Label>
- <ScriptBlock>"0x$($_.BaseAddress.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>EntryPoint</Label>
- <ScriptBlock>"0x$($_.EntryPoint.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>SizeOfImage</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>FullDllName</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>BaseDllName</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>PackagedBinary</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ImageDll</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>LoadNotificationsSent</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>TelemetryEntryProcessed</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ProcessStaticImport</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>InLegacyLists</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>InIndexes</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ShimDll</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>InExceptionTable</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>LoadInProgress</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>EntryProcessed</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>DontCallForThreads</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ProcessAttachCalled</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ProcessAttachFailed</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>CorDeferredValidate</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>CorImage</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>DontRelocate</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>CorILOnly</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>Redirected</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>CompatDatabaseProcessed</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ObsoleteLoadCount</PropertyName>
- <FormatString>0x{0:X4}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>TlsIndex</PropertyName>
- <FormatString>0x{0:X4}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>HashLinks</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>TimeDateStamp</PropertyName>
- </ListItem>
- <ListItem>
- <Label>EntryPointActivationContext</Label>
- <ScriptBlock>"0x$($_.EntryPointActivationContext.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>PatchInformation</Label>
- <ScriptBlock>"0x$($_.PatchInformation.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>DdagNode</Label>
- <ScriptBlock>"0x$($_.DdagNode.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>NodeModuleLink</PropertyName>
- </ListItem>
- <ListItem>
- <Label>SnapContext</Label>
- <ScriptBlock>"0x$($_.SnapContext.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>ParentDllBase</Label>
- <ScriptBlock>"0x$($_.ParentDllBase.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>SwitchBackContext</Label>
- <ScriptBlock>"0x$($_.SwitchBackContext.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>BaseAddressIndexNode</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>MappingInfoIndexNode</PropertyName>
- </ListItem>
- <ListItem>
- <Label>OriginalBase</Label>
- <ScriptBlock>"0x$($_.OriginalBase.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>LoadTime</PropertyName>
- <FormatString>0x{0:X16}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>BaseNameHashValue</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>LoadReason</PropertyName>
- </ListItem>
- </ListItems>
- </ListEntry>
- </ListEntries>
- </ListControl>
- </View>
- <View>
- <Name>ProcessParameters</Name>
- <ViewSelectedBy>
- <TypeName>PEB.ProcessParameters</TypeName>
- </ViewSelectedBy>
- <ListControl>
- <ListEntries>
- <ListEntry>
- <ListItems>
- <ListItem>
- <PropertyName>MaximumLength</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>Length</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>Flags</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>DebugFlags</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <Label>ConsoleHandle</Label>
- <ScriptBlock>"0x$($_.ConsoleHandle.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>ConsoleFlags</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <Label>StandardInput</Label>
- <ScriptBlock>"0x$($_.StandardInput.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>StandardOutput</Label>
- <ScriptBlock>"0x$($_.StandardOutput.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>StandardError</Label>
- <ScriptBlock>"0x$($_.StandardError.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>CurrentDirectory</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>DllPath</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ImagePathName</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>CommandLine</PropertyName>
- </ListItem>
- <ListItem>
- <Label>Environment</Label>
- <ScriptBlock>"0x$($_.Environment.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>StartingX</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>StartingY</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>CountX</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>CountY</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>CountCharsX</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>CountCharsY</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>FillAttribute</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>WindowFlags</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>ShowWindowFlags</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>WindowTitle</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>DesktopInfo</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ShellInfo</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>RuntimeData</PropertyName>
- </ListItem>
- </ListItems>
- </ListEntry>
- </ListEntries>
- </ListControl>
- </View>
- </ViewDefinitions>
-</Configuration>
|