From ea0dc9a2b8c51c1f861b0174d61fa1fb2aaf5be6 Mon Sep 17 00:00:00 2001 From: Matt Graeber Date: Sun, 12 May 2013 10:27:15 -0400 Subject: Added Get-NtSystemInformation Get-NtSystemInformation is a wrapper function for NtQuerySystemInformation. It is a swiss-army knife tool for obtaining internal OS information. It can currently be used to query the following: global flags, handles, objects, kernel pool allocations, and loaded kernel modules --- ReverseEngineering/ReverseEngineering.psd1 | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) (limited to 'ReverseEngineering/ReverseEngineering.psd1') diff --git a/ReverseEngineering/ReverseEngineering.psd1 b/ReverseEngineering/ReverseEngineering.psd1 index 9640e21..07428cc 100644 --- a/ReverseEngineering/ReverseEngineering.psd1 +++ b/ReverseEngineering/ReverseEngineering.psd1 @@ -52,7 +52,7 @@ PowerShellVersion = '2.0' # TypesToProcess = @() # Format files (.ps1xml) to be loaded when importing this module -FormatsToProcess = 'Get-KernelModuleInfo.format.ps1xml', 'Get-PEB.format.ps1xml' +FormatsToProcess = 'Get-PEB.format.ps1xml', 'Get-NtSystemInformation.format.ps1xml' # Modules to import as nested modules of the module specified in RootModule/ModuleToProcess # NestedModules = @() @@ -73,9 +73,10 @@ AliasesToExport = '' ModuleList = @(@{ModuleName = 'ReverseEngineering'; ModuleVersion = '1.0.0.0'; GUID = 'cbffaf47-c55a-4901-92e7-8d794fbe1fff'}) # List of all files packaged with this module -FileList = 'ReverseEngineering.psm1', 'ReverseEngineering.psd1', 'Get-ILDisassembly.ps1', 'Get-KernelModuleInfo.format.ps1xml', - 'Get-KernelModuleInfo.ps1', 'Get-Member.ps1', 'Get-MethodAddress.ps1', 'Get-PEB.format.ps1xml', - 'Get-PEB.ps1', 'Get-Strings.ps1', 'Get-StructFromMemory.ps1', 'Usage.md' +FileList = 'ReverseEngineering.psm1', 'ReverseEngineering.psd1', 'Get-ILDisassembly.ps1', 'Get-NtSystemInformation.format.ps1xml', + 'Get-NtSystemInformation.ps1', 'Get-Member.ps1', 'Get-MethodAddress.ps1', 'Get-PEB.format.ps1xml', + 'Get-PEB.ps1', 'Get-Strings.ps1', 'Get-StructFromMemory.ps1', 'ConvertTo-String.ps1', + 'Usage.md' # Private data to pass to the module specified in RootModule/ModuleToProcess # PrivateData = '' -- cgit v1.2.3