From 59ff1a8b1eb3a8fba4dd9dee036a6c957f8f41ef Mon Sep 17 00:00:00 2001 From: bitform Date: Sat, 19 Jan 2013 20:46:49 -0500 Subject: PETools module doc. consistency improvements * Slight consistency modifications were made to documentation. * Added module manifest for PETools --- PETools/Get-PEArchitecture.ps1 | 54 +++++++++++++++++++++++++----------------- 1 file changed, 32 insertions(+), 22 deletions(-) (limited to 'PETools/Get-PEArchitecture.ps1') diff --git a/PETools/Get-PEArchitecture.ps1 b/PETools/Get-PEArchitecture.ps1 index e53c5ff..6272153 100644 --- a/PETools/Get-PEArchitecture.ps1 +++ b/PETools/Get-PEArchitecture.ps1 @@ -1,35 +1,43 @@ function Get-PEArchitecture { <# -.Synopsis +.SYNOPSIS - PowerSploit Module - Get-PEArchitecture - Author: Matthew Graeber (@mattifestation) - License: BSD 3-Clause - -.Description +PowerSploit Module - Get-PEArchitecture +Author: Matthew Graeber (@mattifestation) +License: BSD 3-Clause +Required Dependencies: None +Optional Dependencies: None - Get-PEArchitecture returns the architecture for which - a Windows portable executable was compiled. - -.Parameter Path +.DESCRIPTION - Path to the executable. - -.Example +Get-PEArchitecture returns the architecture for which a Windows portable executable was compiled. + +.PARAMETER Path + +Path to the executable. - PS> Get-PEArchitecture C:\Windows\SysWOW64\calc.exe - X86 +.EXAMPLE + +C:\PS> Get-PEArchitecture C:\Windows\SysWOW64\calc.exe + +X86 -.Example +.EXAMPLE - PS> Get-PEArchitecture C:\Windows\System32\cmd.exe - X64 +C:\PS> Get-PEArchitecture C:\Windows\System32\cmd.exe + +X64 -.Link +.LINK - My blog: http://www.exploit-monday.com +http://www.exploit-monday.com #> - Param ( [Parameter(Position = 0, Mandatory = $True)] [String] $Path ) + + Param ( + [Parameter(Position = 0, Mandatory = $True)] + [String] + $Path + ) if (!(Test-Path $Path)) { Write-Warning 'Invalid path or file does not exist.' 
@@ -67,7 +75,7 @@ function Get-PEArchitecture {
 $Architecture = '{0}' -f (( $IMAGE_FILE_MACHINE[-1..-2] | % { $_.ToString('X2') } ) -join '')
 $FileStream.Close()
- if (($Architecture -ne '014C') -and ($Architecture -ne '8664')) {
+ if (($Architecture -ne '014C') -and ($Architecture -ne '8664') -and ($Architecture -ne '01C4')) {
 Write-Warning 'Invalid PE header or unsupported architecture.'
 return
 }
@@ -76,6 +84,8 @@ function Get-PEArchitecture {
 return 'X86'
 } elseif ($Architecture -eq '8664') {
 return 'X64'
+ } elseif ($Architecture -eq '01C4') {
+ return 'ARM'
 } else {
 return 'OTHER'
 }
-- cgit v1.2.3
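Review bot: The supported-architecture list is now spelled out twice, once in the `-ne` guard changed here and again in the `if`/`elseif` chain of the following hunk (`@@ -76,6 +84,8 @@`), so every new machine type has to be added in two places. A value added to only one of them ends in either the warning or the `'OTHER'` label. The guard also returns before the chain for every other value, which leaves the trailing `else { return 'OTHER' }` unreachable. A single `switch` on `$Architecture` with the warning in `default` keeps validation and labelling in one table. The function body starts and ends outside these hunks, so the sketch covers only the visible guard and chain.

```powershell
$FileStream.Close()

# One table for both validation and labelling; anything unlisted is rejected.
switch ($Architecture) {
    '014C' { return 'X86' }
    '8664' { return 'X64' }
    '01C4' { return 'ARM' }
    default {
        Write-Warning 'Invalid PE header or unsupported architecture.'
        return
    }
}
```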
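Review bot: `'01C4'` in the new `elseif` is an unexplained magic value, and the label it maps to is broader than what is matched. 0x01C4 is IMAGE_FILE_MACHINE_ARMNT (ARM Thumb-2, little-endian), while 0x01C0 (IMAGE_FILE_MACHINE_ARM) and 0x01C2 (IMAGE_FILE_MACHINE_THUMB) still end in the 'unsupported architecture' warning. Someone sorting samples by this output during triage could reasonably read `ARM` as covering all of them. I would add a comment above the branch, `# 0x01C4 = IMAGE_FILE_MACHINE_ARMNT (ARM Thumb-2); 0x01C0/0x01C2 are not handled`, and list `ARM` as a possible return value in the comment-based help, whose examples currently show only X86 and X64.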