path: root/ReverseEngineering
Age         Commit message                                              Author        Files  Lines

2013-08-17  Explicitly casting types as [Type]  (v2.2)                  Matt Graeber  2      -6/+6
    The latest version of .NET added generics to many of the InteropService methods. Therefore, all of my uses of types need to be explicitly cast with [Type].

2013-08-17  Added ps1xml file for Get-ILDisassembly                     Matt Graeber  3      -3/+46
    Output from Get-ILDisassembly is slightly cleaner.

2013-07-11  Latest version of .NET Framework broke Get-PEB              Matt Graeber  1      -12/+12
    To fix this, I needed to explicitly cast types in the SizeOf and PtrToStructure methods.

2013-07-04  Forgot to add CodeIntegrityInformation to help              Matt Graeber  1      -0/+4

2013-07-04  Get-NtSystemInformation can now query UMCI info             Matt Graeber  2      -0/+55
    Get-NtSystemInformation now returns SystemCodeIntegrityInformation - i.e. user-mode code integrity settings. This required reverse engineering a dll that is only present on Windows 8 ARM devices.

2013-06-08  New-Object proxy function compatibility fix                 Matt Graeber  1      -0/+0
    I was calling the [Guid]::TryParse method that was only present in .NET 4, so this wasn't working in PowerShell v2.

2013-06-05  Forgot to add -Property param to CLSID option               Matt Graeber  1      -0/+0

2013-06-05  Added New-Object proxy function                             Matt Graeber  2      -1/+1
    You can provide a CLSID (i.e. a Guid) to New-Object via the -ComObject parameter in addition to a ProgId.

2013-06-01  Type names added to Get-NtSystemInformation                 Matt Graeber  2      -4/+227
    When displaying handle information, you can now filter by and display object type names: Get-NtSystemInformation

2013-05-31  Fixed architecture detection bug in Get-PEB                 Matt Graeber  1      -1/+1
    I was checking processor architecture when I should have been checking OS architecture.

2013-05-29  Silly me. Just discovered the SetOffset method.             Matt Graeber  1      -77/+75
    Thanks @JosephBialek!

2013-05-25  ProcessParameters now displays properly                     Matt Graeber  1      -6/+3

2013-05-24  Get-PEB now parses _RTL_USER_PROCESS_PARAMETERS             Matt Graeber  2      -1/+201

2013-05-16  _SYSTEM_HANDLE_INFORMATION prints as a table now            Matt Graeber  1      -34/+56

2013-05-16  Added _SYSTEM_LOCK_INFORMATION struct                       Matt Graeber  2      -1/+119
    Yet another method of leaking kernel pointers.

2013-05-13  Cleaned up Get-NtSystemInformation                          Matt Graeber  1      -2385/+81
    * Removed the unnecessary NTSTATUS entries
    * Used splatting instead of backticks
    * Fixed a n00b memory management error as well.

2013-05-12  Object access mask now displays properly                    Matt Graeber  1      -2/+3

2013-05-12  Removed duplicate type definition                           Matt Graeber  1      -15/+0

2013-05-12  Removed some extraneous comments                            Matt Graeber  1      -17/+17

2013-05-12  Added Get-NtSystemInformation                               Matt Graeber  3      -4/+3425
    Get-NtSystemInformation is a wrapper function for NtQuerySystemInformation. It is a swiss-army knife tool for obtaining internal OS information. It can currently be used to query the following: global flags, handles, objects, kernel pool allocations, and loaded kernel modules.

2013-05-12  Removing Get-KernelModuleInfo                               Matt Graeber  2      -321/+0
    Making way for Get-NtSystemInformation. Loaded kernel module information can be viewed with `Get-NtSystemInformation -ModuleInformation`.

2013-05-10  Added ConvertTo-String                                      Matt Graeber  1      -0/+70
    ConvertTo-String converts the bytes of a file to a string that has a 1-to-1 mapping back to the file's original bytes. ConvertTo-String is useful for performing binary regular expressions.

2013-04-05  Fixed x86 bug in Get-MethodAddress                          Matt Graeber  1      -110/+119
    Get-MethodAddress was not working correctly in 32-bit PowerShell because it was returning a [UInt64] value when it should have been a [UInt32]. This fix will detect if PowerShell is running as 32- or 64-bit and define its return type accordingly.

2013-02-17  Get-MethodAddress now returns an IntPtr.                    bitform       1      -3/+1
    It previously returned a UInt64. Returning an IntPtr makes more sense.

2013-01-21  Consistency improvements in comment-based help              bitform       7      -7/+9

2013-01-20  Corrections made to usage documentation                     bitform       1      -1/+1

2013-01-20  Updated module manifest file listing                        bitform       1      -1/+1

2013-01-20  Renamed Usage.txt to Usage.md to apply markdown.            bitform       1      -0/+0

2013-01-20  Removed logic in scripts to load ps1xml files               bitform       4      -20/+13
    * Now that PETools and ReverseEngineering are both full-fledged modules with proper manifests, the manifests will take care of loading the appropriate ps1xml files.
    * Added Usage.txt to ReverseEngineering module.

2013-01-19  Renamed RE_Tools. Now ReverseEngineering module             bitform       11     -0/+3526
    * I renamed RE_Tools to ReverseEngineering and made it a module.
    * Slight consistency modifications were made to documentation.
    * This is one step in the process of modularizing all of PowerSploit.