From c98734a764f790e56a5acbd46d37c7e53e9aa24e Mon Sep 17 00:00:00 2001
From: Matt Graeber <mattgraeber@gmail.com>
Date: Thu, 16 May 2013 20:21:04 -0400
Subject: Added _SYSTEM_LOCK_INFORMATION struct

Yet another method of leaking kernel pointers.
---
 .../Get-NtSystemInformation.format.ps1xml          | 64 ++++++++++++++++++++++
 1 file changed, 64 insertions(+)

(limited to 'ReverseEngineering/Get-NtSystemInformation.format.ps1xml')

diff --git a/ReverseEngineering/Get-NtSystemInformation.format.ps1xml b/ReverseEngineering/Get-NtSystemInformation.format.ps1xml
index 5719d67..5b7d700 100644
--- a/ReverseEngineering/Get-NtSystemInformation.format.ps1xml
+++ b/ReverseEngineering/Get-NtSystemInformation.format.ps1xml
@@ -72,6 +72,70 @@
                     </TableRowEntries>
                 </TableControl>
         </View>
+        <View>
+            <Name>SystemLockView</Name>
+                <ViewSelectedBy>
+		            <TypeName>_SYSTEM_LOCK_INFORMATION</TypeName>
+		        </ViewSelectedBy>
+                <TableControl>
+                    <TableHeaders>
+                        <TableColumnHeader>
+                            <Label>Address</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>Type</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>ExclusiveOwnerThreadId</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>ActiveCount</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>ContentionCount</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>NumberOfSharedWaiters</Label>
+                        </TableColumnHeader>
+                        <TableColumnHeader>
+                            <Label>NumberOfExclusiveWaiters</Label>
+                        </TableColumnHeader>
+                    </TableHeaders>
+                    <TableRowEntries>
+                        <TableRowEntry>
+                            <TableColumnItems>
+                                <TableColumnItem>
+                                    <ScriptBlock>"0x$($_.Address.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>Type</PropertyName>
+                                    <FormatString>0x{0:X4}</FormatString>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>ExclusiveOwnerThreadId</PropertyName>
+                                    <FormatString>0x{0:X4}</FormatString>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>ActiveCount</PropertyName>
+                                    <FormatString>0x{0:X8}</FormatString>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>ContentionCount</PropertyName>
+                                    <FormatString>0x{0:X8}</FormatString>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>NumberOfSharedWaiters</PropertyName>
+                                    <FormatString>0x{0:X8}</FormatString>
+                                </TableColumnItem>
+                                <TableColumnItem>
+                                    <PropertyName>NumberOfExclusiveWaiters</PropertyName>
+                                    <FormatString>0x{0:X8}</FormatString>
+                                </TableColumnItem>
+                            </TableColumnItems>
+                        </TableRowEntry>
+                    </TableRowEntries>
+                </TableControl>
+        </View>
         <View>
             <Name>PoolTagView</Name>
             <ViewSelectedBy>
-- 
cgit v1.2.3