From 3d27e6b7de3426a1268d2b2732b08d5e2adade1b Mon Sep 17 00:00:00 2001
From: Matt Graeber <mattgraeber@gmail.com>
Date: Thu, 16 May 2013 20:40:21 -0400
Subject: _SYSTEM_HANDLE_INFORMATION prints as a table now

---
 .../Get-NtSystemInformation.format.ps1xml          | 90 ++++++++++++++--------
 1 file changed, 56 insertions(+), 34 deletions(-)

diff --git a/ReverseEngineering/Get-NtSystemInformation.format.ps1xml b/ReverseEngineering/Get-NtSystemInformation.format.ps1xml
index 5b7d700..3a73b47 100644
--- a/ReverseEngineering/Get-NtSystemInformation.format.ps1xml
+++ b/ReverseEngineering/Get-NtSystemInformation.format.ps1xml
@@ -206,40 +206,62 @@
                 <ViewSelectedBy>
 		            <TypeName>_SYSTEM_HANDLE_INFORMATION</TypeName>
 		        </ViewSelectedBy>
-                <ListControl>
-                <ListEntries>
-                    <ListEntry>
-                        <ListItems>
-                            <ListItem>
-                                <PropertyName>UniqueProcessId</PropertyName>
-                                <FormatString>0x{0:X4}</FormatString>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>CreatorBackTraceIndex</PropertyName>
-                                <FormatString>0x{0:X4}</FormatString>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>ObjectTypeIndex</PropertyName>
-                                <FormatString>0x{0:X2}</FormatString>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>HandleAttribute</PropertyName>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>HandleValue</PropertyName>
-                                <FormatString>0x{0:X4}</FormatString>
-                            </ListItem>
-                            <ListItem>
-                                <Label>Object</Label>
-                                <ScriptBlock>"0x$($_.Object.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>GrantedAccess</PropertyName>
-                            </ListItem>
-                        </ListItems>
-                    </ListEntry>
-                </ListEntries>
-            </ListControl>
+                <TableControl>
+                    <TableHeaders>
+                        <TableColumnHeader>
+                            <Label>UniqueProcessId</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>CreatorBackTraceIndex</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>ObjectTypeIndex</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>HandleAttribute</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>HandleValue</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>Object</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>GrantedAccess</Label>
+                        </TableColumnHeader>
+                    </TableHeaders>
+                    <TableRowEntries>
+                        <TableRowEntry>
+                            <TableColumnItems>
+                                <TableColumnItem>
+                                    <PropertyName>UniqueProcessId</PropertyName>
+                                    <FormatString>0x{0:X4}</FormatString>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>CreatorBackTraceIndex</PropertyName>
+                                    <FormatString>0x{0:X4}</FormatString>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>ObjectTypeIndex</PropertyName>
+                                    <FormatString>0x{0:X2}</FormatString>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>HandleAttribute</PropertyName>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>HandleValue</PropertyName>
+                                    <FormatString>0x{0:X4}</FormatString>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <ScriptBlock>"0x$($_.Object.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>GrantedAccess</PropertyName>
+                                </TableColumnItem>
+                            </TableColumnItems>
+                        </TableRowEntry>
+                    </TableRowEntries>
+                </TableControl>
         </View>
         <View>
             <Name>GenericMappingView</Name>
-- 
cgit v1.2.3