From 6807da424fca9e1f4b4946e695486aefb7eae1fa Mon Sep 17 00:00:00 2001 From: mattifestation Date: Thu, 29 Aug 2013 19:56:01 +0000 Subject: Added ProcessModuleTrace cmdlets Added *-ProcessModuleTrace cmdlets to trace details when modules are loaded into a process. These can be useful for malware analysis. --- README.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'README.md') diff --git a/README.md b/README.md index 6bdda8d..5141808 100644 --- a/README.md +++ b/README.md @@ -116,6 +116,18 @@ Converts the bytes of a file to a string that has a 1-to-1 mapping back to the f Get the unmanaged function address of a .NET method. +#### `Register-ProcessModuleTrace` + +Starts a trace of loaded process modules + +#### `Get-ProcessModuleTrace` + +Displays the process modules that have been loaded since the call to Register-ProcessModuleTrace + +#### `Unregister-ProcessModuleTrace` + +Stops the running process module trace + ## AntivirusBypass **AV doesn't stand a chance against PowerShell!** -- cgit v1.2.3
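Review bot: the three new README entries are terser than the neighbouring ones and inconsistent in style: they lack the trailing period used by the preceding entry ("Get the unmanaged function address of a .NET method."), and the `Get-ProcessModuleTrace` text names Register-ProcessModuleTrace without the backticks the headings use. More importantly for a malware-analysis helper, the descriptions leave open what a reader needs before using it: whether the trace covers all processes or a given one, whether registering it requires an elevated session, and what is collected (module path, process id, load time) and where it is kept between `Register-ProcessModuleTrace` and `Get-ProcessModuleTrace`. Suggest expanding each line to one sentence that answers those points, e.g. "Starts a trace of modules loaded into processes; run `Unregister-ProcessModuleTrace` to stop collecting.", so the README does not imply the trace ends on its own.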