Diffstat (limited to 'ReverseEngineering/Get-NtSystemInformation.format.ps1xml')
-rw-r--r--ReverseEngineering/Get-NtSystemInformation.format.ps1xml440
1 files changed, 0 insertions, 440 deletions
diff --git a/ReverseEngineering/Get-NtSystemInformation.format.ps1xml b/ReverseEngineering/Get-NtSystemInformation.format.ps1xml
deleted file mode 100644
index fa3ed41..0000000
--- a/ReverseEngineering/Get-NtSystemInformation.format.ps1xml
+++ /dev/null
@@ -1,440 +0,0 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<Configuration>
- <ViewDefinitions>
- <View>
- <Name>SystemModuleView</Name>
- <ViewSelectedBy>
- <TypeName>_SYSTEM_MODULE</TypeName>
- </ViewSelectedBy>
- <TableControl>
- <AutoSize/>
- <TableHeaders>
- <TableColumnHeader>
- <Label>ImageBaseAddress</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>ImageSize</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>Flags</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>Index</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>Rank</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>LoadCount</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>NameOffset</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>Name</Label>
- </TableColumnHeader>
- </TableHeaders>
- <TableRowEntries>
- <TableRowEntry>
- <TableColumnItems>
- <TableColumnItem>
- <ScriptBlock>"0x$($_.ImageBaseAddress.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>ImageSize</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>Flags</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>Index</PropertyName>
- <FormatString>0x{0:X4}</FormatString>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>Rank</PropertyName>
- <FormatString>0x{0:X4}</FormatString>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>LoadCount</PropertyName>
- <FormatString>0x{0:X4}</FormatString>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>NameOffset</PropertyName>
- <FormatString>0x{0:X4}</FormatString>
- </TableColumnItem>
- <TableColumnItem>
- <ScriptBlock>$_.Name -replace '\\SystemRoot', $Env:SystemRoot</ScriptBlock>
- </TableColumnItem>
- </TableColumnItems>
- </TableRowEntry>
- </TableRowEntries>
- </TableControl>
- </View>
- <View>
- <Name>SystemLockView</Name>
- <ViewSelectedBy>
- <TypeName>_SYSTEM_LOCK_INFORMATION</TypeName>
- </ViewSelectedBy>
- <TableControl>
- <TableHeaders>
- <TableColumnHeader>
- <Label>Address</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>Type</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>ExclusiveOwnerThreadId</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>ActiveCount</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>ContentionCount</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>NumberOfSharedWaiters</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>NumberOfExclusiveWaiters</Label>
- </TableColumnHeader>
- </TableHeaders>
- <TableRowEntries>
- <TableRowEntry>
- <TableColumnItems>
- <TableColumnItem>
- <ScriptBlock>"0x$($_.Address.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>Type</PropertyName>
- <FormatString>0x{0:X4}</FormatString>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>ExclusiveOwnerThreadId</PropertyName>
- <FormatString>0x{0:X4}</FormatString>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>ActiveCount</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>ContentionCount</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>NumberOfSharedWaiters</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>NumberOfExclusiveWaiters</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </TableColumnItem>
- </TableColumnItems>
- </TableRowEntry>
- </TableRowEntries>
- </TableControl>
- </View>
- <View>
- <Name>PoolTagView</Name>
- <ViewSelectedBy>
- <TypeName>_SYSTEM_POOL_TAG_INFORMATION</TypeName>
- </ViewSelectedBy>
- <TableControl>
- <AutoSize/>
- <TableHeaders>
- <TableColumnHeader>
- <Label>Tag</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>PagedPoolAllocs</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>PagedPoolFrees</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>PagedPoolUsage</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>NonPagedPoolAllocs</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>NonPagedPoolFrees</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>NonPagedPoolUsage</Label>
- </TableColumnHeader>
- </TableHeaders>
- <TableRowEntries>
- <TableRowEntry>
- <TableColumnItems>
- <TableColumnItem>
- <PropertyName>Tag</PropertyName>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>PagedPoolAllocs</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>PagedPoolFrees</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>PagedPoolUsage</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>NonPagedPoolAllocs</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>NonPagedPoolFrees</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>NonPagedPoolUsage</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </TableColumnItem>
- </TableColumnItems>
- </TableRowEntry>
- </TableRowEntries>
- </TableControl>
- </View>
- <View>
- <Name>SystemHandleView</Name>
- <ViewSelectedBy>
- <TypeName>_SYSTEM_HANDLE_INFORMATION</TypeName>
- </ViewSelectedBy>
- <TableControl>
- <TableHeaders>
- <TableColumnHeader>
- <Label>UniqueProcessId</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>CreatorBackTraceIndex</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>ObjectType</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>HandleAttribute</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>HandleValue</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>Object</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>GrantedAccess</Label>
- </TableColumnHeader>
- </TableHeaders>
- <TableRowEntries>
- <TableRowEntry>
- <TableColumnItems>
- <TableColumnItem>
- <PropertyName>UniqueProcessId</PropertyName>
- <FormatString>0x{0:X4}</FormatString>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>CreatorBackTraceIndex</PropertyName>
- <FormatString>0x{0:X4}</FormatString>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>ObjectType</PropertyName>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>HandleAttribute</PropertyName>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>HandleValue</PropertyName>
- <FormatString>0x{0:X4}</FormatString>
- </TableColumnItem>
- <TableColumnItem>
- <ScriptBlock>"0x$($_.Object.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>GrantedAccess</PropertyName>
- </TableColumnItem>
- </TableColumnItems>
- </TableRowEntry>
- </TableRowEntries>
- </TableControl>
- </View>
- <View>
- <Name>GenericMappingView</Name>
- <ViewSelectedBy>
- <TypeName>_GENERIC_MAPPING</TypeName>
- </ViewSelectedBy>
- <TableControl>
- <AutoSize/>
- <TableHeaders>
- <TableColumnHeader>
- <Label>GenericRead</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>GenericWrite</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>GenericExecute</Label>
- </TableColumnHeader>
- <TableColumnHeader>
- <Label>GenericAll</Label>
- </TableColumnHeader>
- </TableHeaders>
- <TableRowEntries>
- <TableRowEntry>
- <TableColumnItems>
- <TableColumnItem>
- <PropertyName>GenericRead</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>GenericWrite</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>GenericExecute</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </TableColumnItem>
- <TableColumnItem>
- <PropertyName>GenericAll</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </TableColumnItem>
- </TableColumnItems>
- </TableRowEntry>
- </TableRowEntries>
- </TableControl>
- </View>
- <View>
- <Name>ObjectTypeView</Name>
- <ViewSelectedBy>
- <TypeName>_SYSTEM_OBJECTTYPE_INFORMATION</TypeName>
- </ViewSelectedBy>
- <ListControl>
- <ListEntries>
- <ListEntry>
- <ListItems>
- <ListItem>
- <PropertyName>NumberOfObjects</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>NumberOfHandles</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>TypeIndex</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>InvalidAttributes</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>GenericMapping</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>ValidAccessMask</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>PoolType</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>SecurityRequired</PropertyName>
- <FormatString>0x{0:X2}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>WaitableObject</PropertyName>
- <FormatString>0x{0:X2}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>TypeName</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>Objects</PropertyName>
- </ListItem>
- </ListItems>
- </ListEntry>
- </ListEntries>
- </ListControl>
- </View>
- <View>
- <Name>ObjectView</Name>
- <ViewSelectedBy>
- <TypeName>_SYSTEM_OBJECT_INFORMATION</TypeName>
- </ViewSelectedBy>
- <ListControl>
- <ListEntries>
- <ListEntry>
- <ListItems>
- <ListItem>
- <Label>Object</Label>
- <ScriptBlock>"0x$($_.Object.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>CreatorUniqueProcess</Label>
- <ScriptBlock>"0x$($_.CreatorUniqueProcess.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>CreatorBackTraceIndex</PropertyName>
- <FormatString>0x{0:X4}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>Flags</PropertyName>
- </ListItem>
- <ListItem>
- <PropertyName>PointerCount</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>HandleCount</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>PagedPoolCharge</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>NonPagedPoolCharge</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <Label>ExclusiveProcessId</Label>
- <ScriptBlock>"0x$($_.ExclusiveProcessId.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <Label>SecurityDescriptor</Label>
- <ScriptBlock>"0x$($_.SecurityDescriptor.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
- </ListItem>
- <ListItem>
- <PropertyName>NameInfo</PropertyName>
- </ListItem>
- </ListItems>
- </ListEntry>
- </ListEntries>
- </ListControl>
- </View>
- <View>
- <Name>CodeIntegrityTypeView</Name>
- <ViewSelectedBy>
- <TypeName>_SYSTEM_CODEINTEGRITY_INFORMATION</TypeName>
- </ViewSelectedBy>
- <ListControl>
- <ListEntries>
- <ListEntry>
- <ListItems>
- <ListItem>
- <PropertyName>CodeIntegrityOptions</PropertyName>
- <FormatString>0x{0:X8}</FormatString>
- </ListItem>
- <ListItem>
- <PropertyName>LockdownState</PropertyName>
- </ListItem>
- </ListItems>
- </ListEntry>
- </ListEntries>
- </ListControl>
- </View>
- </ViewDefinitions>
-</Configuration>