From 3c87916e19a942d3168cbe8cf37d0e380cdd865b Mon Sep 17 00:00:00 2001
From: bitform <matt@exploit-monday.com>
Date: Sat, 19 Jan 2013 18:59:40 -0500
Subject: Renamed RE_Tools. Now ReverseEngineering module

* I renamed RE_Tools to ReverseEngineering and made it a module.
* Slight consistency modifications were made to documentation.
* This is one step in the process of modularizing all of PowerSploit.
---
 .../Get-KernelModuleInfo.format.ps1xml             | 83 ++++++++++++++++++++++
 1 file changed, 83 insertions(+)
 create mode 100644 ReverseEngineering/Get-KernelModuleInfo.format.ps1xml

(limited to 'ReverseEngineering/Get-KernelModuleInfo.format.ps1xml')
diff --git a/ReverseEngineering/Get-KernelModuleInfo.format.ps1xml b/ReverseEngineering/Get-KernelModuleInfo.format.ps1xml
new file mode 100644
index 0000000..3e3f347
--- /dev/null
+++ b/ReverseEngineering/Get-KernelModuleInfo.format.ps1xml
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="utf-8" ?>
+<Configuration>
+  <DefaultSettings>
+    <EnumerableExpansions>
+        <EnumerableExpansion>
+            <Expand>Both</Expand>
+        </EnumerableExpansion>
+    </EnumerableExpansions>
+  </DefaultSettings>
+    <ViewDefinitions>
+        <View>
+            <Name>SystemModuleView</Name>
+                <ViewSelectedBy>
+		            <TypeName>SystemInformation.SYSTEM_MODULE</TypeName>
+		        </ViewSelectedBy>
+                <TableControl>
+                    <AutoSize/>
+                    <TableHeaders>
+                        <TableColumnHeader>
+                            <Label>ImageBaseAddress</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>ImageSize</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>Flags</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>Id</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>Rank</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>W018</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>NameOffset</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>Name</Label>
+                        </TableColumnHeader>
+                    </TableHeaders>
+                    <TableRowEntries>
+                        <TableRowEntry>
+                            <TableColumnItems>
+                                <TableColumnItem>
+                                    <ScriptBlock>"0x$($_.ImageBaseAddress.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>ImageSize</PropertyName>
+                                    <FormatString>0x{0:X8}</FormatString>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>Flags</PropertyName>
+                                    <FormatString>0x{0:X8}</FormatString>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>Id</PropertyName>
+                                    <FormatString>0x{0:X4}</FormatString>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>Rank</PropertyName>
+                                    <FormatString>0x{0:X4}</FormatString>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>w018</PropertyName>
+                                    <FormatString>0x{0:X4}</FormatString>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>NameOffset</PropertyName>
+                                    <FormatString>0x{0:X4}</FormatString>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>Name</PropertyName>
+                                </TableColumnItem>
+                            </TableColumnItems>
+                        </TableRowEntry>
+                    </TableRowEntries>
+                </TableControl>
+        </View>
+    </ViewDefinitions>
+</Configuration>
\ No newline at end of file
-- 
cgit v1.2.3

