Diffstat (limited to 'ReverseEngineering/Get-NtSystemInformation.format.ps1xml')
-rw-r--r--ReverseEngineering/Get-NtSystemInformation.format.ps1xml334
1 files changed, 334 insertions, 0 deletions
diff --git a/ReverseEngineering/Get-NtSystemInformation.format.ps1xml b/ReverseEngineering/Get-NtSystemInformation.format.ps1xml
new file mode 100644
index 0000000..5719d67
--- /dev/null
+++ b/ReverseEngineering/Get-NtSystemInformation.format.ps1xml
@@ -0,0 +1,334 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<Configuration>
+ <ViewDefinitions>
+ <View>
+ <Name>SystemModuleView</Name>
+ <ViewSelectedBy>
+ <TypeName>_SYSTEM_MODULE</TypeName>
+ </ViewSelectedBy>
+ <TableControl>
+ <AutoSize/>
+ <TableHeaders>
+ <TableColumnHeader>
+ <Label>ImageBaseAddress</Label>
+ </TableColumnHeader>
+ <TableColumnHeader>
+ <Label>ImageSize</Label>
+ </TableColumnHeader>
+ <TableColumnHeader>
+ <Label>Flags</Label>
+ </TableColumnHeader>
+ <TableColumnHeader>
+ <Label>Index</Label>
+ </TableColumnHeader>
+ <TableColumnHeader>
+ <Label>Rank</Label>
+ </TableColumnHeader>
+ <TableColumnHeader>
+ <Label>LoadCount</Label>
+ </TableColumnHeader>
+ <TableColumnHeader>
+ <Label>NameOffset</Label>
+ </TableColumnHeader>
+ <TableColumnHeader>
+ <Label>Name</Label>
+ </TableColumnHeader>
+ </TableHeaders>
+ <TableRowEntries>
+ <TableRowEntry>
+ <TableColumnItems>
+ <TableColumnItem>
+ <ScriptBlock>"0x$($_.ImageBaseAddress.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
+ </TableColumnItem>
+ <TableColumnItem>
+ <PropertyName>ImageSize</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </TableColumnItem>
+ <TableColumnItem>
+ <PropertyName>Flags</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </TableColumnItem>
+ <TableColumnItem>
+ <PropertyName>Index</PropertyName>
+ <FormatString>0x{0:X4}</FormatString>
+ </TableColumnItem>
+ <TableColumnItem>
+ <PropertyName>Rank</PropertyName>
+ <FormatString>0x{0:X4}</FormatString>
+ </TableColumnItem>
+ <TableColumnItem>
+ <PropertyName>LoadCount</PropertyName>
+ <FormatString>0x{0:X4}</FormatString>
+ </TableColumnItem>
+ <TableColumnItem>
+ <PropertyName>NameOffset</PropertyName>
+ <FormatString>0x{0:X4}</FormatString>
+ </TableColumnItem>
+ <TableColumnItem>
+ <ScriptBlock>$_.Name -replace '\\SystemRoot', $Env:SystemRoot</ScriptBlock>
+ </TableColumnItem>
+ </TableColumnItems>
+ </TableRowEntry>
+ </TableRowEntries>
+ </TableControl>
+ </View>
+ <View>
+ <Name>PoolTagView</Name>
+ <ViewSelectedBy>
+ <TypeName>_SYSTEM_POOL_TAG_INFORMATION</TypeName>
+ </ViewSelectedBy>
+ <TableControl>
+ <AutoSize/>
+ <TableHeaders>
+ <TableColumnHeader>
+ <Label>Tag</Label>
+ </TableColumnHeader>
+ <TableColumnHeader>
+ <Label>PagedPoolAllocs</Label>
+ </TableColumnHeader>
+ <TableColumnHeader>
+ <Label>PagedPoolFrees</Label>
+ </TableColumnHeader>
+ <TableColumnHeader>
+ <Label>PagedPoolUsage</Label>
+ </TableColumnHeader>
+ <TableColumnHeader>
+ <Label>NonPagedPoolAllocs</Label>
+ </TableColumnHeader>
+ <TableColumnHeader>
+ <Label>NonPagedPoolFrees</Label>
+ </TableColumnHeader>
+ <TableColumnHeader>
+ <Label>NonPagedPoolUsage</Label>
+ </TableColumnHeader>
+ </TableHeaders>
+ <TableRowEntries>
+ <TableRowEntry>
+ <TableColumnItems>
+ <TableColumnItem>
+ <PropertyName>Tag</PropertyName>
+ </TableColumnItem>
+ <TableColumnItem>
+ <PropertyName>PagedPoolAllocs</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </TableColumnItem>
+ <TableColumnItem>
+ <PropertyName>PagedPoolFrees</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </TableColumnItem>
+ <TableColumnItem>
+ <PropertyName>PagedPoolUsage</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </TableColumnItem>
+ <TableColumnItem>
+ <PropertyName>NonPagedPoolAllocs</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </TableColumnItem>
+ <TableColumnItem>
+ <PropertyName>NonPagedPoolFrees</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </TableColumnItem>
+ <TableColumnItem>
+ <PropertyName>NonPagedPoolUsage</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </TableColumnItem>
+ </TableColumnItems>
+ </TableRowEntry>
+ </TableRowEntries>
+ </TableControl>
+ </View>
+ <View>
+ <Name>SystemHandleView</Name>
+ <ViewSelectedBy>
+ <TypeName>_SYSTEM_HANDLE_INFORMATION</TypeName>
+ </ViewSelectedBy>
+ <ListControl>
+ <ListEntries>
+ <ListEntry>
+ <ListItems>
+ <ListItem>
+ <PropertyName>UniqueProcessId</PropertyName>
+ <FormatString>0x{0:X4}</FormatString>
+ </ListItem>
+ <ListItem>
+ <PropertyName>CreatorBackTraceIndex</PropertyName>
+ <FormatString>0x{0:X4}</FormatString>
+ </ListItem>
+ <ListItem>
+ <PropertyName>ObjectTypeIndex</PropertyName>
+ <FormatString>0x{0:X2}</FormatString>
+ </ListItem>
+ <ListItem>
+ <PropertyName>HandleAttribute</PropertyName>
+ </ListItem>
+ <ListItem>
+ <PropertyName>HandleValue</PropertyName>
+ <FormatString>0x{0:X4}</FormatString>
+ </ListItem>
+ <ListItem>
+ <Label>Object</Label>
+ <ScriptBlock>"0x$($_.Object.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
+ </ListItem>
+ <ListItem>
+ <PropertyName>GrantedAccess</PropertyName>
+ </ListItem>
+ </ListItems>
+ </ListEntry>
+ </ListEntries>
+ </ListControl>
+ </View>
+ <View>
+ <Name>GenericMappingView</Name>
+ <ViewSelectedBy>
+ <TypeName>_GENERIC_MAPPING</TypeName>
+ </ViewSelectedBy>
+ <TableControl>
+ <AutoSize/>
+ <TableHeaders>
+ <TableColumnHeader>
+ <Label>GenericRead</Label>
+ </TableColumnHeader>
+ <TableColumnHeader>
+ <Label>GenericWrite</Label>
+ </TableColumnHeader>
+ <TableColumnHeader>
+ <Label>GenericExecute</Label>
+ </TableColumnHeader>
+ <TableColumnHeader>
+ <Label>GenericAll</Label>
+ </TableColumnHeader>
+ </TableHeaders>
+ <TableRowEntries>
+ <TableRowEntry>
+ <TableColumnItems>
+ <TableColumnItem>
+ <PropertyName>GenericRead</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </TableColumnItem>
+ <TableColumnItem>
+ <PropertyName>GenericWrite</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </TableColumnItem>
+ <TableColumnItem>
+ <PropertyName>GenericExecute</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </TableColumnItem>
+ <TableColumnItem>
+ <PropertyName>GenericAll</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </TableColumnItem>
+ </TableColumnItems>
+ </TableRowEntry>
+ </TableRowEntries>
+ </TableControl>
+ </View>
+ <View>
+ <Name>ObjectTypeView</Name>
+ <ViewSelectedBy>
+ <TypeName>_SYSTEM_OBJECTTYPE_INFORMATION</TypeName>
+ </ViewSelectedBy>
+ <ListControl>
+ <ListEntries>
+ <ListEntry>
+ <ListItems>
+ <ListItem>
+ <PropertyName>NumberOfObjects</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </ListItem>
+ <ListItem>
+ <PropertyName>NumberOfHandles</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </ListItem>
+ <ListItem>
+ <PropertyName>TypeIndex</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </ListItem>
+ <ListItem>
+ <PropertyName>InvalidAttributes</PropertyName>
+ </ListItem>
+ <ListItem>
+ <PropertyName>GenericMapping</PropertyName>
+ </ListItem>
+ <ListItem>
+ <PropertyName>ValidAccessMask</PropertyName>
+ </ListItem>
+ <ListItem>
+ <PropertyName>PoolType</PropertyName>
+ </ListItem>
+ <ListItem>
+ <PropertyName>SecurityRequired</PropertyName>
+ <FormatString>0x{0:X2}</FormatString>
+ </ListItem>
+ <ListItem>
+ <PropertyName>WaitableObject</PropertyName>
+ <FormatString>0x{0:X2}</FormatString>
+ </ListItem>
+ <ListItem>
+ <PropertyName>TypeName</PropertyName>
+ </ListItem>
+ <ListItem>
+ <PropertyName>Objects</PropertyName>
+ </ListItem>
+ </ListItems>
+ </ListEntry>
+ </ListEntries>
+ </ListControl>
+ </View>
+ <View>
+ <Name>ObjectView</Name>
+ <ViewSelectedBy>
+ <TypeName>_SYSTEM_OBJECT_INFORMATION</TypeName>
+ </ViewSelectedBy>
+ <ListControl>
+ <ListEntries>
+ <ListEntry>
+ <ListItems>
+ <ListItem>
+ <Label>Object</Label>
+ <ScriptBlock>"0x$($_.Object.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
+ </ListItem>
+ <ListItem>
+ <Label>CreatorUniqueProcess</Label>
+ <ScriptBlock>"0x$($_.CreatorUniqueProcess.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
+ </ListItem>
+ <ListItem>
+ <PropertyName>CreatorBackTraceIndex</PropertyName>
+ <FormatString>0x{0:X4}</FormatString>
+ </ListItem>
+ <ListItem>
+ <PropertyName>Flags</PropertyName>
+ </ListItem>
+ <ListItem>
+ <PropertyName>PointerCount</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </ListItem>
+ <ListItem>
+ <PropertyName>HandleCount</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </ListItem>
+ <ListItem>
+ <PropertyName>PagedPoolCharge</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </ListItem>
+ <ListItem>
+ <PropertyName>NonPagedPoolCharge</PropertyName>
+ <FormatString>0x{0:X8}</FormatString>
+ </ListItem>
+ <ListItem>
+ <Label>ExclusiveProcessId</Label>
+ <ScriptBlock>"0x$($_.ExclusiveProcessId.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
+ </ListItem>
+ <ListItem>
+ <Label>SecurityDescriptor</Label>
+ <ScriptBlock>"0x$($_.SecurityDescriptor.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
+ </ListItem>
+ <ListItem>
+ <PropertyName>NameInfo</PropertyName>
+ </ListItem>
+ </ListItems>
+ </ListEntry>
+ </ListEntries>
+ </ListControl>
+ </View>
+ </ViewDefinitions>
+</Configuration>
\ No newline at end of file
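Review bot: The `Name` column in SystemModuleView (`$_.Name -replace '\\SystemRoot', $Env:SystemRoot`) uses an unanchored, case-insensitive regex and substitutes a value taken from the current process environment, so the table shows a display-time rewrite rather than the string held in the `_SYSTEM_MODULE` object. Anchor the pattern so only a leading prefix is rewritten, `$_.Name -replace '^\\SystemRoot', $Env:SystemRoot`, and add an XML comment above that item saying the path is normalised for display only and that `$_.Name` still holds the original value. Anyone comparing loaded-module paths against a baseline should read the property, not the formatted table. Separately, `GrantedAccess`, `ValidAccessMask` and `InvalidAttributes` have no `FormatString`; if those properties are plain integers rather than enum types (not visible in this file), they will print in decimal beside the hex columns.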