From 7f0be861f23e85e35284125620a4a0c1a52e83e5 Mon Sep 17 00:00:00 2001
From: Matt Graeber <mattgraeber@gmail.com>
Date: Sat, 17 Aug 2013 17:39:04 -0400
Subject: Added ps1xml file for Get-ILDisassembly

Output from Get-ILDisassembly is slightly cleaner.
---
 ReverseEngineering/Get-ILDisassembly.format.ps1xml | 40 ++++++++++++++++++++++
 ReverseEngineering/Get-ILDisassembly.ps1           |  5 ++-
 ReverseEngineering/ReverseEngineering.psd1         |  4 +--
 3 files changed, 46 insertions(+), 3 deletions(-)
 create mode 100644 ReverseEngineering/Get-ILDisassembly.format.ps1xml

diff --git a/ReverseEngineering/Get-ILDisassembly.format.ps1xml b/ReverseEngineering/Get-ILDisassembly.format.ps1xml
new file mode 100644
index 0000000..f933e1e
--- /dev/null
+++ b/ReverseEngineering/Get-ILDisassembly.format.ps1xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<Configuration>
+    <ViewDefinitions>
+        <View>
+            <Name>ILInstructionView</Name>
+            <ViewSelectedBy>
+		        <TypeName>IL_INSTRUCTION</TypeName>
+		    </ViewSelectedBy>
+            <TableControl>
+            <AutoSize/>
+                <TableHeaders>
+                    <TableColumnHeader>
+                        <Label>Position</Label>
+                    </TableColumnHeader>
+                    <TableColumnHeader>
+                        <Label>Instruction</Label>
+                    </TableColumnHeader>
+                    <TableColumnHeader>
+                        <Label>Operand</Label>
+                    </TableColumnHeader>
+                </TableHeaders>
+                <TableRowEntries>
+                    <TableRowEntry>
+                        <TableColumnItems>
+                            <TableColumnItem>
+                                <PropertyName>Position</PropertyName>
+                            </TableColumnItem>
+                            <TableColumnItem>
+                                <PropertyName>Instruction</PropertyName>
+                            </TableColumnItem>
+                            <TableColumnItem>
+                                <PropertyName>Operand</PropertyName>
+                            </TableColumnItem>
+                        </TableColumnItems>
+                    </TableRowEntry>
+                </TableRowEntries>
+            </TableControl>
+        </View>
+    </ViewDefinitions>
+</Configuration>
\ No newline at end of file
diff --git a/ReverseEngineering/Get-ILDisassembly.ps1 b/ReverseEngineering/Get-ILDisassembly.ps1
index b3b615e..645dc39 100644
--- a/ReverseEngineering/Get-ILDisassembly.ps1
+++ b/ReverseEngineering/Get-ILDisassembly.ps1
@@ -201,8 +201,11 @@ http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-335.pdf
         }
         
         # Return a custom object containing a position, instruction, and fully-qualified operand
-        New-Object PSObject -Property $Instruction
+        $InstructionObject = New-Object PSObject -Property $Instruction
+        $InstructionObject.PSObject.TypeNames.Insert(0, 'IL_INSTRUCTION')
         
+        $InstructionObject
+
         # Adjust the position in the opcode array accordingly
         $Position += $OperandLength
     }
diff --git a/ReverseEngineering/ReverseEngineering.psd1 b/ReverseEngineering/ReverseEngineering.psd1
index 1e179ea..0f643b7 100644
--- a/ReverseEngineering/ReverseEngineering.psd1
+++ b/ReverseEngineering/ReverseEngineering.psd1
@@ -52,7 +52,7 @@ PowerShellVersion = '2.0'
 # TypesToProcess = @()
 
 # Format files (.ps1xml) to be loaded when importing this module
-FormatsToProcess = 'Get-PEB.format.ps1xml', 'Get-NtSystemInformation.format.ps1xml'
+FormatsToProcess = 'Get-PEB.format.ps1xml', 'Get-NtSystemInformation.format.ps1xml', 'Get-ILDisassembly.format.ps1xml'
 
 # Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
 # NestedModules = @()
@@ -76,7 +76,7 @@ ModuleList = @(@{ModuleName = 'ReverseEngineering'; ModuleVersion = '1.0.0.0'; G
 FileList = 'ReverseEngineering.psm1', 'ReverseEngineering.psd1', 'Get-ILDisassembly.ps1', 'Get-NtSystemInformation.format.ps1xml',
                'Get-NtSystemInformation.ps1', 'Get-Member.ps1', 'Get-MethodAddress.ps1', 'Get-PEB.format.ps1xml',
                'Get-PEB.ps1', 'Get-Strings.ps1', 'Get-StructFromMemory.ps1', 'ConvertTo-String.ps1',
-               'New-Object.ps1', 'Usage.md'
+               'New-Object.ps1', 'Get-ILDisassembly.format.ps1xml', 'Usage.md'
 
 # Private data to pass to the module specified in RootModule/ModuleToProcess
 # PrivateData = ''
-- 
cgit v1.2.3