Diffstat (limited to 'PETools')
-rw-r--r-- | PETools/Get-DllLoadPath.ps1 | 20 | ||||
-rw-r--r-- | PETools/Get-PEArchitecture.ps1 | 9 | ||||
-rw-r--r-- | PETools/Get-PEHeader.ps1 | 7 |
3 files changed, 24 insertions, 12 deletions
diff --git a/PETools/Get-DllLoadPath.ps1 b/PETools/Get-DllLoadPath.ps1
index 360c913..97b0210 100644
--- a/PETools/Get-DllLoadPath.ps1
+++ b/PETools/Get-DllLoadPath.ps1
@@ -1,8 +1,11 @@
-function Get-DllLoadPath {
+function Get-DllLoadPath
+{
<#
.SYNOPSIS
-PowerSploit Module - Get-DllLoadPath
+Outputs the order of paths in which a dll would be loaded.
+
+PowerSploit Function: Get-DllLoadPath
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
Required Dependencies: None
@@ -14,7 +17,7 @@ Get-DllLoadPath returns the path from which Windows will load a Dll for the give
 .PARAMETER ExecutablePath
- Path to the executable from which the Dll would be loaded.
+Path to the executable from which the Dll would be loaded.
.PARAMETER DllName
@@ -38,7 +41,7 @@ C:\Windows\SysWOW64\Comctl32.dll
 .OUTPUTS
-$null, System.Management.Automation.PathInfo
+System.Management.Automation.PathInfo
.NOTES
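Review bot: Dropping `$null` from `.OUTPUTS` leaves the help silent about what a caller gets when no path is produced. The function has at least one failure branch (`if (!(Test-Path $ExecutablePath))`, visible as context in the last hunk of this file), but its body is not shown, so the behaviour there is an open question. If that branch, or a DLL that cannot be found, writes an error or emits nothing, I would add a line under `.NOTES` such as `Emits no object when the executable or the DLL cannot be resolved.` so that scripts consuming the result do not assume a PathInfo is always returned.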
@@ -51,8 +54,13 @@ http://msdn.microsoft.com/en-us/library/windows/desktop/ms682586%28v=vs.85%29.as
 #>
Param (
- [Parameter(Position = 0, Mandatory = $True)] [String] $ExecutablePath,
- [Parameter(Position = 1, Mandatory = $True)] [String] $DllName
+ [Parameter(Position = 0, Mandatory = $True)]
+ [String]
+ $ExecutablePath,
+
+ [Parameter(Position = 1, Mandatory = $True)]
+ [String]
+ $DllName
)
if (!(Test-Path $ExecutablePath)) {
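Review bot: The existence check on the context line `if (!(Test-Path $ExecutablePath)) {` is carried over unchanged while the Param block above it is restyled, and it is looser than this function needs. `Test-Path` without `-LiteralPath` treats `[` and `]` in the argument as wildcard patterns, and without `-PathType Leaf` a directory passes the check. Because the output is meant to describe the load location for one specific executable, I would tighten it to `if (!(Test-Path -LiteralPath $ExecutablePath -PathType Leaf)) {`. The body of that `if` and the rest of the function lie outside the hunk, so confirm nothing later depends on wildcard expansion of the path.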
diff --git a/PETools/Get-PEArchitecture.ps1 b/PETools/Get-PEArchitecture.ps1
index 6272153..efc80be 100644
--- a/PETools/Get-PEArchitecture.ps1
+++ b/PETools/Get-PEArchitecture.ps1
@@ -1,8 +1,11 @@
-function Get-PEArchitecture {
+function Get-PEArchitecture
+{
<#
.SYNOPSIS
-PowerSploit Module - Get-PEArchitecture
+Outputs the architecture for which a binary was compiled.
+
+PowerSploit Function: Get-PEArchitecture
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
Required Dependencies: None
@@ -19,13 +22,11 @@ Path to the executable.
 .EXAMPLE
C:\PS> Get-PEArchitecture C:\Windows\SysWOW64\calc.exe
-
X86
.EXAMPLE
C:\PS> Get-PEArchitecture C:\Windows\System32\cmd.exe
-
X64
.LINK
diff --git a/PETools/Get-PEHeader.ps1 b/PETools/Get-PEHeader.ps1
index 49bfbd6..f32239c 100644
--- a/PETools/Get-PEHeader.ps1
+++ b/PETools/Get-PEHeader.ps1
@@ -1,8 +1,11 @@
-function Get-PEHeader {
+function Get-PEHeader
+{
<#
.SYNOPSIS
-PowerSploit Module - Get-PEHeader
+Parses and outputs the PE header of a process in memory or a PE file on disk.
+
+PowerSploit Function: Get-PEHeader
Author: Matthew Graeber (@mattifestation)
License: BSD 3-Clause
Required Dependencies: None