From 9d286e511f3256bfbee2e238d0e60c217ed3c151 Mon Sep 17 00:00:00 2001
From: Matt Graeber <mattgraeber@gmail.com>
Date: Sun, 28 Apr 2013 22:17:14 -0400
Subject: Added ARM support to Get-PEHeader

Also fixed various pointer width bugs
---
 PETools/PETools.format.ps1xml | 746 +++++++++++++++++++++---------------------
 1 file changed, 373 insertions(+), 373 deletions(-)

(limited to 'PETools/PETools.format.ps1xml')
diff --git a/PETools/PETools.format.ps1xml b/PETools/PETools.format.ps1xml
index bce54bd..17d2c56 100644
--- a/PETools/PETools.format.ps1xml
+++ b/PETools/PETools.format.ps1xml
@@ -1,374 +1,374 @@
-<?xml version="1.0" encoding="utf-8" ?>
-<Configuration>
-    <SelectionSets>
-            <SelectionSet>
-                <Name>OptionHeaderTypes</Name>
-                <Types>
-                    <TypeName>PE+_IMAGE_OPTIONAL_HEADER32</TypeName>
-                    <TypeName>PE+_IMAGE_OPTIONAL_HEADER64</TypeName>
-                </Types>
-            </SelectionSet>
-        </SelectionSets>
-    <ViewDefinitions>
-        <View>
-            <Name>PEView</Name>
-            <ViewSelectedBy>
-                <TypeName>PEHeader</TypeName>
-            </ViewSelectedBy>
-            <ListControl>
-                <ListEntries>
-                    <ListEntry>
-                        <ListItems>
-                            <ListItem>
-                                <PropertyName>Module</PropertyName>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>DOSHeader</PropertyName>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>FileHeader</PropertyName>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>OptionalHeader</PropertyName>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>SectionHeaders</PropertyName>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>Imports</PropertyName>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>Exports</PropertyName>
-                            </ListItem>
-                        </ListItems>
-                    </ListEntry>
-                </ListEntries>
-            </ListControl>
-        </View>
-        <View>
-            <Name>OptionalHeaderView</Name>
-            <ViewSelectedBy>
-                <SelectionSetName>OptionHeaderTypes</SelectionSetName>
-            </ViewSelectedBy>
-            <ListControl>
-                <ListEntries>
-                    <ListEntry>
-                        <ListItems>
-                            <ListItem>
-                                <PropertyName>Magic</PropertyName>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>MajorLinkerVersion</PropertyName>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>MinorLinkerVersion</PropertyName>
-                            </ListItem>
-                            <ListItem>
-                                <Label>SizeOfCode</Label>
-                                <ScriptBlock>"0x$($_.SizeOfCode.ToString('X8'))"</ScriptBlock>
-                            </ListItem>
-                            <ListItem>
-                                <Label>SizeOfInitializedData</Label>
-                                <ScriptBlock>"0x$($_.SizeOfInitializedData.ToString('X8'))"</ScriptBlock>
-                            </ListItem>
-                            <ListItem>
-                                <Label>SizeOfUninitializedData</Label>
-                                <ScriptBlock>"0x$($_.SizeOfUninitializedData.ToString('X8'))"</ScriptBlock>
-                            </ListItem>
-                            <ListItem>
-                                <Label>AddressOfEntryPoint</Label>
-                                <ScriptBlock>"0x$($_.AddressOfEntryPoint.ToString('X8'))"</ScriptBlock>
-                            </ListItem>
-                            <ListItem>
-                                <Label>BaseOfCode</Label>
-                                <ScriptBlock>"0x$($_.BaseOfCode.ToString('X8'))"</ScriptBlock>
-                            </ListItem>
-                            <ListItem>
-                                <Label>BaseOfData</Label>
-                                <ScriptBlock>"0x$($_.BaseOfData.ToString('X8'))"</ScriptBlock>
-                            </ListItem>
-                            <ListItem>
-                                <Label>ImageBase</Label>
-                                <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.ImageBase.ToString('X8'))" } else { "0x$($_.ImageBase.ToString('X16'))" }</ScriptBlock>
-                            </ListItem>
-                            <ListItem>
-                                <Label>SectionAlignment</Label>
-                                <ScriptBlock>"0x$($_.SectionAlignment.ToString('X8'))"</ScriptBlock>
-                            </ListItem>
-                            <ListItem>
-                                <Label>FileAlignment</Label>
-                                <ScriptBlock>"0x$($_.FileAlignment.ToString('X8'))"</ScriptBlock>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>MajorOperatingSystemVersion</PropertyName>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>MinorOperatingSystemVersion</PropertyName>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>MajorSubsystemVersion</PropertyName>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>MinorSubsystemVersion</PropertyName>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>Win32VersionValue</PropertyName>
-                            </ListItem>
-                            <ListItem>
-                                <Label>SizeOfImage</Label>
-                                <ScriptBlock>"0x$($_.SizeOfImage.ToString('X8'))"</ScriptBlock>
-                            </ListItem>
-                            <ListItem>
-                                <Label>SizeOfHeaders</Label>
-                                <ScriptBlock>"0x$($_.SizeOfHeaders.ToString('X8'))"</ScriptBlock>
-                            </ListItem>
-                            <ListItem>
-                                <Label>CheckSum</Label>
-                                <ScriptBlock>"0x$($_.CheckSum.ToString('X8'))"</ScriptBlock>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>Subsystem</PropertyName>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>DllCharacteristics</PropertyName>
-                            </ListItem>
-                            <ListItem>
-                                <Label>SizeOfStackReserve</Label>
-                                <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.SizeOfStackReserve.ToString('X8'))" } else { "0x$($_.SizeOfStackReserve.ToString('X16'))" }</ScriptBlock>
-                            </ListItem>
-                            <ListItem>
-                                <Label>SizeOfStackCommit</Label>
-                                <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.SizeOfStackCommit.ToString('X8'))" } else { "0x$($_.SizeOfStackCommit.ToString('X16'))" }</ScriptBlock>
-                            </ListItem>
-                            <ListItem>
-                                <Label>SizeOfHeapReserve</Label>
-                                <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.SizeOfHeapReserve.ToString('X8'))" } else { "0x$($_.SizeOfHeapReserve.ToString('X16'))" }</ScriptBlock>
-                            </ListItem>
-                            <ListItem>
-                                <Label>SizeOfHeapCommit</Label>
-                                <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.SizeOfHeapCommit.ToString('X8'))" } else { "0x$($_.SizeOfHeapCommit.ToString('X16'))" }</ScriptBlock>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>LoaderFlags</PropertyName>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>NumberOfRvaAndSizes</PropertyName>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>DataDirectory</PropertyName>
-                            </ListItem>
-                        </ListItems>
-                    </ListEntry>
-                </ListEntries>
-            </ListControl>
-        </View>
-        <View>
-		    <Name>SectionHeaderView</Name>
-                <ViewSelectedBy>
-		            <TypeName>PE+_IMAGE_SECTION_HEADER</TypeName>
-		        </ViewSelectedBy>
-                <TableControl>
-                    <AutoSize/>
-                    <TableHeaders>
-                        <TableColumnHeader>
-                            <Label>Name</Label>
-                            <Alignment>Right</Alignment>
-                        </TableColumnHeader>
-                        <TableColumnHeader>
-                            <Label>VirtualSize</Label>
-                        </TableColumnHeader>
-                        <TableColumnHeader>
-                            <Label>VirtualAddress</Label>
-                        </TableColumnHeader>
-                        <TableColumnHeader>
-                            <Label>SizeOfRawData</Label>
-                        </TableColumnHeader>
-                        <TableColumnHeader>
-                            <Label>PointerToRawData</Label>
-                        </TableColumnHeader>
-                        <TableColumnHeader>
-                            <Label>Characteristics</Label>
-                            <Alignment>Left</Alignment>
-                        </TableColumnHeader>
-                    </TableHeaders>
-                    <TableRowEntries>
-                        <TableRowEntry>
-                            <TableColumnItems>
-                                <TableColumnItem>
-                                    <Alignment>Right</Alignment>
-                                    <PropertyName>Name</PropertyName>
-                                </TableColumnItem>
-                                <TableColumnItem>
-                                    <ScriptBlock>"0x$($_.VirtualSize.ToString('X8'))"</ScriptBlock>
-                                </TableColumnItem>
-                                <TableColumnItem>
-                                    <ScriptBlock>"0x$($_.VirtualAddress.ToString('X8'))"</ScriptBlock>
-                                </TableColumnItem>
-                                <TableColumnItem>
-                                    <ScriptBlock>"0x$($_.SizeOfRawData.ToString('X8'))"</ScriptBlock>
-                                </TableColumnItem>
-                                <TableColumnItem>
-                                    <ScriptBlock>"0x$($_.PointerToRawData.ToString('X8'))"</ScriptBlock>
-                                </TableColumnItem>
-                                <TableColumnItem>
-                                    <PropertyName>Characteristics</PropertyName>
-                                </TableColumnItem>
-                            </TableColumnItems>
-                        </TableRowEntry>
-                    </TableRowEntries>
-                </TableControl>
-        </View>
-        <View>
-            <Name>FileHeaderView</Name>
-            <ViewSelectedBy>
-                <TypeName>PE+_IMAGE_FILE_HEADER</TypeName>
-            </ViewSelectedBy>
-            <ListControl>
-                <ListEntries>
-                    <ListEntry>
-                        <ListItems>
-                            <ListItem>
-                                <PropertyName>Machine</PropertyName>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>NumberOfSections</PropertyName>
-                            </ListItem>
-                            <ListItem>
-                                <Label>TimeDateStamp</Label>
-                                <!-- GMT compile time -->
-                                <ScriptBlock>(New-Object DateTime(1970, 1, 1, 0, 0, 0)).AddSeconds($_.TimeDateStamp)</ScriptBlock>
-                                <!-- Compile time assuming it was compiled in Redmond, Washington (PST - GMT-8) -->
-                                <!-- <ScriptBlock>(New-Object DateTime(1969, 12, 31, 16, 0, 0)).AddSeconds($_.TimeDateStamp)</ScriptBlock> -->
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>PointerToSymbolTable</PropertyName>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>NumberOfSymbols</PropertyName>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>SizeOfOptionalHeader</PropertyName>
-                            </ListItem>
-                            <ListItem>
-                                <PropertyName>Characteristics</PropertyName>
-                            </ListItem>
-                        </ListItems>
-                    </ListEntry>
-                </ListEntries>
-            </ListControl>
-        </View>
-        <View>
-            <Name>DataDirectoryView</Name>
-                <ViewSelectedBy>
-		            <TypeName>PE+_IMAGE_DATA_DIRECTORY</TypeName>
-		        </ViewSelectedBy>
-                <TableControl>
-                    <AutoSize/>
-                    <TableHeaders>
-                        <TableColumnHeader>
-                            <Label>VirtualAddress</Label>
-                        </TableColumnHeader>
-                        <TableColumnHeader>
-                            <Label>Size</Label>
-                        </TableColumnHeader>
-                    </TableHeaders>
-                    <TableRowEntries>
-                        <TableRowEntry>
-                            <TableColumnItems>
-                                <TableColumnItem>
-                                    <ScriptBlock>"0x$($_.VirtualAddress.ToString('X8'))"</ScriptBlock>
-                                </TableColumnItem>
-                                <TableColumnItem>
-                                    <ScriptBlock>"0x$($_.Size.ToString('X8'))"</ScriptBlock>
-                                </TableColumnItem>
-                            </TableColumnItems>
-                        </TableRowEntry>
-                    </TableRowEntries>
-                </TableControl>
-        </View>
-        <View>
-            <Name>ImportView</Name>
-                <ViewSelectedBy>
-		            <TypeName>Import</TypeName>
-		        </ViewSelectedBy>
-                <TableControl>
-                    <AutoSize/>
-                    <TableHeaders>
-                        <TableColumnHeader>
-                            <Label>ModuleName</Label>
-                            <Alignment>Right</Alignment>
-                        </TableColumnHeader>
-                        <TableColumnHeader>
-                            <Label>VirtualAddress</Label>
-                        </TableColumnHeader>
-                        <TableColumnHeader>
-                            <Label>Ordinal</Label>
-                        </TableColumnHeader>
-                        <TableColumnHeader>
-                            <Label>FunctionName</Label>
-                        </TableColumnHeader>
-                    </TableHeaders>
-                    <TableRowEntries>
-                        <TableRowEntry>
-                            <TableColumnItems>
-                                <TableColumnItem>
-                                    <Alignment>Right</Alignment>
-                                    <PropertyName>ModuleName</PropertyName>
-                                </TableColumnItem>
-                                <TableColumnItem>
-                                    <PropertyName>VA</PropertyName>
-                                </TableColumnItem>
-                                <TableColumnItem>
-                                    <PropertyName>Ordinal</PropertyName>
-                                </TableColumnItem>
-                                <TableColumnItem>
-                                    <PropertyName>FunctionName</PropertyName>
-                                </TableColumnItem>
-                            </TableColumnItems>
-                        </TableRowEntry>
-                    </TableRowEntries>
-                </TableControl>
-        </View>
-        <View>
-            <Name>ExportView</Name>
-                <ViewSelectedBy>
-		            <TypeName>Export</TypeName>
-		        </ViewSelectedBy>
-                <TableControl>
-                    <AutoSize/>
-                    <TableHeaders>
-                        <TableColumnHeader>
-                            <Label>VirtualAddress</Label>
-                        </TableColumnHeader>
-                        <TableColumnHeader>
-                            <Label>Ordinal</Label>
-                        </TableColumnHeader>
-                        <TableColumnHeader>
-                            <Label>FunctionName</Label>
-                        </TableColumnHeader>
-                        <TableColumnHeader>
-                            <Label>ForwardedName</Label>
-                        </TableColumnHeader>
-                    </TableHeaders>
-                    <TableRowEntries>
-                        <TableRowEntry>
-                            <TableColumnItems>
-                                <TableColumnItem>
-                                    <PropertyName>VA</PropertyName>
-                                </TableColumnItem>
-                                <TableColumnItem>
-                                    <PropertyName>Ordinal</PropertyName>
-                                </TableColumnItem>
-                                <TableColumnItem>
-                                    <PropertyName>FunctionName</PropertyName>
-                                </TableColumnItem>
-                                <TableColumnItem>
-                                    <PropertyName>ForwardedName</PropertyName>
-                                </TableColumnItem>
-                            </TableColumnItems>
-                        </TableRowEntry>
-                    </TableRowEntries>
-                </TableControl>
-        </View>
-    </ViewDefinitions>
+<?xml version="1.0" encoding="utf-8" ?>
+<Configuration>
+    <SelectionSets>
+            <SelectionSet>
+                <Name>OptionHeaderTypes</Name>
+                <Types>
+                    <TypeName>PE+_IMAGE_OPTIONAL_HEADER32</TypeName>
+                    <TypeName>PE+_IMAGE_OPTIONAL_HEADER64</TypeName>
+                </Types>
+            </SelectionSet>
+        </SelectionSets>
+    <ViewDefinitions>
+        <View>
+            <Name>PEView</Name>
+            <ViewSelectedBy>
+                <TypeName>PEHeader</TypeName>
+            </ViewSelectedBy>
+            <ListControl>
+                <ListEntries>
+                    <ListEntry>
+                        <ListItems>
+                            <ListItem>
+                                <PropertyName>Module</PropertyName>
+                            </ListItem>
+                            <ListItem>
+                                <PropertyName>DOSHeader</PropertyName>
+                            </ListItem>
+                            <ListItem>
+                                <PropertyName>FileHeader</PropertyName>
+                            </ListItem>
+                            <ListItem>
+                                <PropertyName>OptionalHeader</PropertyName>
+                            </ListItem>
+                            <ListItem>
+                                <PropertyName>SectionHeaders</PropertyName>
+                            </ListItem>
+                            <ListItem>
+                                <PropertyName>Imports</PropertyName>
+                            </ListItem>
+                            <ListItem>
+                                <PropertyName>Exports</PropertyName>
+                            </ListItem>
+                        </ListItems>
+                    </ListEntry>
+                </ListEntries>
+            </ListControl>
+        </View>
+        <View>
+            <Name>OptionalHeaderView</Name>
+            <ViewSelectedBy>
+                <SelectionSetName>OptionHeaderTypes</SelectionSetName>
+            </ViewSelectedBy>
+            <ListControl>
+                <ListEntries>
+                    <ListEntry>
+                        <ListItems>
+                            <ListItem>
+                                <PropertyName>Magic</PropertyName>
+                            </ListItem>
+                            <ListItem>
+                                <PropertyName>MajorLinkerVersion</PropertyName>
+                            </ListItem>
+                            <ListItem>
+                                <PropertyName>MinorLinkerVersion</PropertyName>
+                            </ListItem>
+                            <ListItem>
+                                <Label>SizeOfCode</Label>
+                                <ScriptBlock>"0x$($_.SizeOfCode.ToString('X8'))"</ScriptBlock>
+                            </ListItem>
+                            <ListItem>
+                                <Label>SizeOfInitializedData</Label>
+                                <ScriptBlock>"0x$($_.SizeOfInitializedData.ToString('X8'))"</ScriptBlock>
+                            </ListItem>
+                            <ListItem>
+                                <Label>SizeOfUninitializedData</Label>
+                                <ScriptBlock>"0x$($_.SizeOfUninitializedData.ToString('X8'))"</ScriptBlock>
+                            </ListItem>
+                            <ListItem>
+                                <Label>AddressOfEntryPoint</Label>
+                                <ScriptBlock>"0x$($_.AddressOfEntryPoint.ToString('X8'))"</ScriptBlock>
+                            </ListItem>
+                            <ListItem>
+                                <Label>BaseOfCode</Label>
+                                <ScriptBlock>"0x$($_.BaseOfCode.ToString('X8'))"</ScriptBlock>
+                            </ListItem>
+                            <ListItem>
+                                <Label>BaseOfData</Label>
+                                <ScriptBlock>"0x$($_.BaseOfData.ToString('X8'))"</ScriptBlock>
+                            </ListItem>
+                            <ListItem>
+                                <Label>ImageBase</Label>
+                                <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.ImageBase.ToString('X8'))" } else { "0x$($_.ImageBase.ToString('X16'))" }</ScriptBlock>
+                            </ListItem>
+                            <ListItem>
+                                <Label>SectionAlignment</Label>
+                                <ScriptBlock>"0x$($_.SectionAlignment.ToString('X8'))"</ScriptBlock>
+                            </ListItem>
+                            <ListItem>
+                                <Label>FileAlignment</Label>
+                                <ScriptBlock>"0x$($_.FileAlignment.ToString('X8'))"</ScriptBlock>
+                            </ListItem>
+                            <ListItem>
+                                <PropertyName>MajorOperatingSystemVersion</PropertyName>
+                            </ListItem>
+                            <ListItem>
+                                <PropertyName>MinorOperatingSystemVersion</PropertyName>
+                            </ListItem>
+                            <ListItem>
+                                <PropertyName>MajorSubsystemVersion</PropertyName>
+                            </ListItem>
+                            <ListItem>
+                                <PropertyName>MinorSubsystemVersion</PropertyName>
+                            </ListItem>
+                            <ListItem>
+                                <PropertyName>Win32VersionValue</PropertyName>
+                            </ListItem>
+                            <ListItem>
+                                <Label>SizeOfImage</Label>
+                                <ScriptBlock>"0x$($_.SizeOfImage.ToString('X8'))"</ScriptBlock>
+                            </ListItem>
+                            <ListItem>
+                                <Label>SizeOfHeaders</Label>
+                                <ScriptBlock>"0x$($_.SizeOfHeaders.ToString('X8'))"</ScriptBlock>
+                            </ListItem>
+                            <ListItem>
+                                <Label>CheckSum</Label>
+                                <ScriptBlock>"0x$($_.CheckSum.ToString('X8'))"</ScriptBlock>
+                            </ListItem>
+                            <ListItem>
+                                <PropertyName>Subsystem</PropertyName>
+                            </ListItem>
+                            <ListItem>
+                                <PropertyName>DllCharacteristics</PropertyName>
+                            </ListItem>
+                            <ListItem>
+                                <Label>SizeOfStackReserve</Label>
+                                <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.SizeOfStackReserve.ToString('X8'))" } else { "0x$($_.SizeOfStackReserve.ToString('X16'))" }</ScriptBlock>
+                            </ListItem>
+                            <ListItem>
+                                <Label>SizeOfStackCommit</Label>
+                                <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.SizeOfStackCommit.ToString('X8'))" } else { "0x$($_.SizeOfStackCommit.ToString('X16'))" }</ScriptBlock>
+                            </ListItem>
+                            <ListItem>
+                                <Label>SizeOfHeapReserve</Label>
+                                <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.SizeOfHeapReserve.ToString('X8'))" } else { "0x$($_.SizeOfHeapReserve.ToString('X16'))" }</ScriptBlock>
+                            </ListItem>
+                            <ListItem>
+                                <Label>SizeOfHeapCommit</Label>
+                                <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.SizeOfHeapCommit.ToString('X8'))" } else { "0x$($_.SizeOfHeapCommit.ToString('X16'))" }</ScriptBlock>
+                            </ListItem>
+                            <ListItem>
+                                <PropertyName>LoaderFlags</PropertyName>
+                            </ListItem>
+                            <ListItem>
+                                <PropertyName>NumberOfRvaAndSizes</PropertyName>
+                            </ListItem>
+                            <ListItem>
+                                <PropertyName>DataDirectory</PropertyName>
+                            </ListItem>
+                        </ListItems>
+                    </ListEntry>
+                </ListEntries>
+            </ListControl>
+        </View>
+        <View>
+		    <Name>SectionHeaderView</Name>
+                <ViewSelectedBy>
+		            <TypeName>PE+_IMAGE_SECTION_HEADER</TypeName>
+		        </ViewSelectedBy>
+                <TableControl>
+                    <AutoSize/>
+                    <TableHeaders>
+                        <TableColumnHeader>
+                            <Label>Name</Label>
+                            <Alignment>Right</Alignment>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>VirtualSize</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>VirtualAddress</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>SizeOfRawData</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>PointerToRawData</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>Characteristics</Label>
+                            <Alignment>Left</Alignment>
+                        </TableColumnHeader>
+                    </TableHeaders>
+                    <TableRowEntries>
+                        <TableRowEntry>
+                            <TableColumnItems>
+                                <TableColumnItem>
+                                    <Alignment>Right</Alignment>
+                                    <PropertyName>Name</PropertyName>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <ScriptBlock>"0x$($_.VirtualSize.ToString('X8'))"</ScriptBlock>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <ScriptBlock>"0x$($_.VirtualAddress.ToString('X8'))"</ScriptBlock>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <ScriptBlock>"0x$($_.SizeOfRawData.ToString('X8'))"</ScriptBlock>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <ScriptBlock>"0x$($_.PointerToRawData.ToString('X8'))"</ScriptBlock>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>Characteristics</PropertyName>
+                                </TableColumnItem>
+                            </TableColumnItems>
+                        </TableRowEntry>
+                    </TableRowEntries>
+                </TableControl>
+        </View>
+        <View>
+            <Name>FileHeaderView</Name>
+            <ViewSelectedBy>
+                <TypeName>PE+_IMAGE_FILE_HEADER</TypeName>
+            </ViewSelectedBy>
+            <ListControl>
+                <ListEntries>
+                    <ListEntry>
+                        <ListItems>
+                            <ListItem>
+                                <PropertyName>Machine</PropertyName>
+                            </ListItem>
+                            <ListItem>
+                                <PropertyName>NumberOfSections</PropertyName>
+                            </ListItem>
+                            <ListItem>
+                                <Label>TimeDateStamp</Label>
+                                <!-- GMT compile time -->
+                                <ScriptBlock>(New-Object DateTime(1970, 1, 1, 0, 0, 0)).AddSeconds($_.TimeDateStamp)</ScriptBlock>
+                                <!-- Compile time assuming it was compiled in Redmond, Washington (PST - GMT-8) -->
+                                <!-- <ScriptBlock>(New-Object DateTime(1969, 12, 31, 16, 0, 0)).AddSeconds($_.TimeDateStamp)</ScriptBlock> -->
+                            </ListItem>
+                            <ListItem>
+                                <PropertyName>PointerToSymbolTable</PropertyName>
+                            </ListItem>
+                            <ListItem>
+                                <PropertyName>NumberOfSymbols</PropertyName>
+                            </ListItem>
+                            <ListItem>
+                                <PropertyName>SizeOfOptionalHeader</PropertyName>
+                            </ListItem>
+                            <ListItem>
+                                <PropertyName>Characteristics</PropertyName>
+                            </ListItem>
+                        </ListItems>
+                    </ListEntry>
+                </ListEntries>
+            </ListControl>
+        </View>
+        <View>
+            <Name>DataDirectoryView</Name>
+                <ViewSelectedBy>
+		            <TypeName>PE+_IMAGE_DATA_DIRECTORY</TypeName>
+		        </ViewSelectedBy>
+                <TableControl>
+                    <AutoSize/>
+                    <TableHeaders>
+                        <TableColumnHeader>
+                            <Label>VirtualAddress</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>Size</Label>
+                        </TableColumnHeader>
+                    </TableHeaders>
+                    <TableRowEntries>
+                        <TableRowEntry>
+                            <TableColumnItems>
+                                <TableColumnItem>
+                                    <ScriptBlock>"0x$($_.VirtualAddress.ToString('X8'))"</ScriptBlock>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <ScriptBlock>"0x$($_.Size.ToString('X8'))"</ScriptBlock>
+                                </TableColumnItem>
+                            </TableColumnItems>
+                        </TableRowEntry>
+                    </TableRowEntries>
+                </TableControl>
+        </View>
+        <View>
+            <Name>ImportView</Name>
+                <ViewSelectedBy>
+		            <TypeName>Import</TypeName>
+		        </ViewSelectedBy>
+                <TableControl>
+                    <AutoSize/>
+                    <TableHeaders>
+                        <TableColumnHeader>
+                            <Label>ModuleName</Label>
+                            <Alignment>Right</Alignment>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>VA/FT</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>Ordinal</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>FunctionName</Label>
+                        </TableColumnHeader>
+                    </TableHeaders>
+                    <TableRowEntries>
+                        <TableRowEntry>
+                            <TableColumnItems>
+                                <TableColumnItem>
+                                    <Alignment>Right</Alignment>
+                                    <PropertyName>ModuleName</PropertyName>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>RVA</PropertyName>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>Ordinal</PropertyName>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>FunctionName</PropertyName>
+                                </TableColumnItem>
+                            </TableColumnItems>
+                        </TableRowEntry>
+                    </TableRowEntries>
+                </TableControl>
+        </View>
+        <View>
+            <Name>ExportView</Name>
+                <ViewSelectedBy>
+		            <TypeName>Export</TypeName>
+		        </ViewSelectedBy>
+                <TableControl>
+                    <AutoSize/>
+                    <TableHeaders>
+                        <TableColumnHeader>
+                            <Label>RVA</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>Ordinal</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>FunctionName</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>ForwardedName</Label>
+                        </TableColumnHeader>
+                    </TableHeaders>
+                    <TableRowEntries>
+                        <TableRowEntry>
+                            <TableColumnItems>
+                                <TableColumnItem>
+                                    <PropertyName>RVA</PropertyName>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>Ordinal</PropertyName>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>FunctionName</PropertyName>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>ForwardedName</PropertyName>
+                                </TableColumnItem>
+                            </TableColumnItems>
+                        </TableRowEntry>
+                    </TableRowEntries>
+                </TableControl>
+        </View>
+    </ViewDefinitions>
 </Configuration>
\ No newline at end of file
-- 
cgit v1.2.3

