From 2f4c2f8be20636fdff9ca4babbccd59e70ab03ef Mon Sep 17 00:00:00 2001
From: bitform <matt@exploit-monday.com>
Date: Sun, 16 Dec 2012 15:00:30 -0500
Subject: Added Get-KernelModuleInfo

Returns loaded kernel module information.
---
 RE_Tools/Get-KernelModuleInfo.format.ps1xml | 83 +++++++++++++++++++++++++++++
 1 file changed, 83 insertions(+)
 create mode 100644 RE_Tools/Get-KernelModuleInfo.format.ps1xml

(limited to 'RE_Tools/Get-KernelModuleInfo.format.ps1xml')
diff --git a/RE_Tools/Get-KernelModuleInfo.format.ps1xml b/RE_Tools/Get-KernelModuleInfo.format.ps1xml
new file mode 100644
index 0000000..3e3f347
--- /dev/null
+++ b/RE_Tools/Get-KernelModuleInfo.format.ps1xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<Configuration>
+  <DefaultSettings>
+    <EnumerableExpansions>
+        <EnumerableExpansion>
+            <Expand>Both</Expand>
+        </EnumerableExpansion>
+    </EnumerableExpansions>
+  </DefaultSettings>
+    <ViewDefinitions>
+        <View>
+            <Name>SystemModuleView</Name>
+                <ViewSelectedBy>
+		            <TypeName>SystemInformation.SYSTEM_MODULE</TypeName>
+		        </ViewSelectedBy>
+                <TableControl>
+                    <AutoSize/>
+                    <TableHeaders>
+                        <TableColumnHeader>
+                            <Label>ImageBaseAddress</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>ImageSize</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>Flags</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>Id</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>Rank</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>W018</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>NameOffset</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>Name</Label>
+                        </TableColumnHeader>
+                    </TableHeaders>
+                    <TableRowEntries>
+                        <TableRowEntry>
+                            <TableColumnItems>
+                                <TableColumnItem>
+                                    <ScriptBlock>"0x$($_.ImageBaseAddress.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>ImageSize</PropertyName>
+                                    <FormatString>0x{0:X8}</FormatString>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>Flags</PropertyName>
+                                    <FormatString>0x{0:X8}</FormatString>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>Id</PropertyName>
+                                    <FormatString>0x{0:X4}</FormatString>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>Rank</PropertyName>
+                                    <FormatString>0x{0:X4}</FormatString>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>w018</PropertyName>
+                                    <FormatString>0x{0:X4}</FormatString>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>NameOffset</PropertyName>
+                                    <FormatString>0x{0:X4}</FormatString>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>Name</PropertyName>
+                                </TableColumnItem>
+                            </TableColumnItems>
+                        </TableRowEntry>
+                    </TableRowEntries>
+                </TableControl>
+        </View>
+    </ViewDefinitions>
+</Configuration>
\ No newline at end of file
-- 
cgit v1.2.3

