From ea0dc9a2b8c51c1f861b0174d61fa1fb2aaf5be6 Mon Sep 17 00:00:00 2001 From: Matt Graeber Date: Sun, 12 May 2013 10:27:15 -0400 Subject: Added Get-NtSystemInformation Get-NtSystemInformation is a wrapper function for NtQuerySystemInformation. It is a swiss-army knife tool for obtaining internal OS information. It can currently be used to query the following: global flags, handles, objects, kernel pool allocations, and loaded kernel modules --- README.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'README.md') diff --git a/README.md b/README.md index 3ee10be..94a80e3 100644 --- a/README.md +++ b/README.md @@ -84,9 +84,9 @@ Returns the process environment block (PEB) of a process. Disassembles a raw MSIL byte array passed in from a MethodInfo object in a manner similar to that of Ildasm. -#### `Get-KernelModuleInfo` +#### `Get-NtSystemInformation` -Returns loaded kernel module information. +A utility that calls and parses the output of the ntdll!NtQuerySystemInformation function. This utility can be used to query internal OS information that is typically not made visible to a user. #### `Get-StructFromMemory` @@ -100,6 +100,10 @@ A proxy function used to extend the built-in Get-Member cmdlet. It adds the '-Pr Dumps strings from files in both Unicode and Ascii. This cmdlet replicates the functionality of strings.exe from Sysinternals. +#### `ConvertTo-String` + +Converts the bytes of a file to a string that has a 1-to-1 mapping back to the file's original bytes. ConvertTo-String is useful for performing binary regular expressions. + #### `Get-MethodAddress` Get the unmanaged function address of a .NET method. -- cgit v1.2.3
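Review bot: In the first hunk (the `Get-KernelModuleInfo` / `Get-NtSystemInformation` entry), the new README text never says that `Get-KernelModuleInfo` has been removed or folded into the new function, and it does not list what the new function can query, even though the commit message does (global flags, handles, objects, kernel pool allocations, loaded kernel modules). A user reading only the README will not know that loaded-kernel-module information is still obtainable. Suggest extending the description along the lines of: `It can currently be used to query global flags, handles, objects, kernel pool allocations, and loaded kernel modules (replacing Get-KernelModuleInfo).` The spelling `ntdll!NtQuerySystemInformation` is fine; consider wrapping it in backticks for consistency with the other function names in this README.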
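Review bot: In the second hunk (the added `ConvertTo-String` entry), the description promises a 1-to-1 mapping between the file's bytes and the resulting string but does not say how that mapping is achieved, i.e. which encoding or code page the function uses to turn bytes into characters. That detail is exactly what a user writing binary regular expressions needs in order to know which character escapes correspond to which byte values, so it should be stated in the README entry. Minor wording point: "useful for performing binary regular expressions" reads more clearly as "useful for running regular expressions against binary data".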