PowerSploit/PETools/PETools.format.ps1xml

<?xml version="1.0" encoding="utf-8" ?>
<Configuration>
<!-- Selection sets give a name to a group of type names so that a single view can be bound to all of them.
     OptionHeaderTypes groups the 32-bit and 64-bit optional header types; OptionalHeaderView below
     selects on this set name instead of listing both types itself. -->
<SelectionSets>
<SelectionSet>
<Name>OptionHeaderTypes</Name>
<Types>
<TypeName>PE+_IMAGE_OPTIONAL_HEADER32</TypeName>
<TypeName>PE+_IMAGE_OPTIONAL_HEADER64</TypeName>
</Types>
</SelectionSet>
</SelectionSets>
<ViewDefinitions>
<!-- PEView: list layout for objects whose type name is PEHeader.
     Every entry is bound directly by property name, with no script block and no custom label,
     so each value is shown however the formatter renders that property's own type.
     NOTE(review): DOSHeader, FileHeader, OptionalHeader and the other members are presumably nested
     objects with their own views further down in this file; confirm against the code that builds PEHeader. -->
<View>
<Name>PEView</Name>
<ViewSelectedBy>
<TypeName>PEHeader</TypeName>
</ViewSelectedBy>
<ListControl>
<ListEntries>
<ListEntry>
<ListItems>
<ListItem>
<PropertyName>Module</PropertyName>
</ListItem>
<ListItem>
<PropertyName>DOSHeader</PropertyName>
</ListItem>
<ListItem>
<PropertyName>FileHeader</PropertyName>
</ListItem>
<ListItem>
<PropertyName>OptionalHeader</PropertyName>
</ListItem>
<ListItem>
<PropertyName>SectionHeaders</PropertyName>
</ListItem>
<ListItem>
<PropertyName>Imports</PropertyName>
</ListItem>
<ListItem>
<PropertyName>Exports</PropertyName>
</ListItem>
</ListItems>
</ListEntry>
</ListEntries>
</ListControl>
</View>
<!-- OptionalHeaderView: list layout shared by both optional header types through the
     OptionHeaderTypes selection set.
     Plain PropertyName entries are shown as-is. Entries with a Label and a ScriptBlock are rendered
     as "0x" followed by the value in zero-padded upper-case hex: 'X8' gives 8 digits, 'X16' gives 16.
     Each ScriptBlock is PowerShell code that the formatter evaluates with $_ bound to the object being
     displayed, so this file deserves the same review and integrity protection as a script.
     The values are displayed exactly as read from the header; nothing in this view validates them. -->
<View>
<Name>OptionalHeaderView</Name>
<ViewSelectedBy>
<SelectionSetName>OptionHeaderTypes</SelectionSetName>
</ViewSelectedBy>
<ListControl>
<ListEntries>
<ListEntry>
<ListItems>
<ListItem>
<PropertyName>Magic</PropertyName>
</ListItem>
<ListItem>
<PropertyName>MajorLinkerVersion</PropertyName>
</ListItem>
<ListItem>
<PropertyName>MinorLinkerVersion</PropertyName>
</ListItem>
<ListItem>
<Label>SizeOfCode</Label>
<ScriptBlock>"0x$($_.SizeOfCode.ToString('X8'))"</ScriptBlock>
</ListItem>
<ListItem>
<Label>SizeOfInitializedData</Label>
<ScriptBlock>"0x$($_.SizeOfInitializedData.ToString('X8'))"</ScriptBlock>
</ListItem>
<ListItem>
<Label>SizeOfUninitializedData</Label>
<ScriptBlock>"0x$($_.SizeOfUninitializedData.ToString('X8'))"</ScriptBlock>
</ListItem>
<ListItem>
<Label>AddressOfEntryPoint</Label>
<ScriptBlock>"0x$($_.AddressOfEntryPoint.ToString('X8'))"</ScriptBlock>
</ListItem>
<ListItem>
<Label>BaseOfCode</Label>
<ScriptBlock>"0x$($_.BaseOfCode.ToString('X8'))"</ScriptBlock>
</ListItem>
<!-- NOTE(review): the PE32+ optional header layout has no BaseOfData field. If the 64-bit type in this
     selection set does not expose that property, $_.BaseOfData is $null here and the ToString call
     cannot succeed; confirm how this row renders for 64-bit images. -->
<ListItem>
<Label>BaseOfData</Label>
<ScriptBlock>"0x$($_.BaseOfData.ToString('X8'))"</ScriptBlock>
</ListItem>
<!-- Pointer-sized field: 8 hex digits when Magic converts to the string 'PE32', 16 digits for any other value. -->
<ListItem>
<Label>ImageBase</Label>
<ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.ImageBase.ToString('X8'))" } else { "0x$($_.ImageBase.ToString('X16'))" }</ScriptBlock>
</ListItem>
<ListItem>
<Label>SectionAlignment</Label>
<ScriptBlock>"0x$($_.SectionAlignment.ToString('X8'))"</ScriptBlock>
</ListItem>
<ListItem>
<Label>FileAlignment</Label>
<ScriptBlock>"0x$($_.FileAlignment.ToString('X8'))"</ScriptBlock>
</ListItem>
<ListItem>
<PropertyName>MajorOperatingSystemVersion</PropertyName>
</ListItem>
<ListItem>
<PropertyName>MinorOperatingSystemVersion</PropertyName>
</ListItem>
<ListItem>
<PropertyName>MajorSubsystemVersion</PropertyName>
</ListItem>
<ListItem>
<PropertyName>MinorSubsystemVersion</PropertyName>
</ListItem>
<ListItem>
<PropertyName>Win32VersionValue</PropertyName>
</ListItem>
<ListItem>
<Label>SizeOfImage</Label>
<ScriptBlock>"0x$($_.SizeOfImage.ToString('X8'))"</ScriptBlock>
</ListItem>
<ListItem>
<Label>SizeOfHeaders</Label>
<ScriptBlock>"0x$($_.SizeOfHeaders.ToString('X8'))"</ScriptBlock>
</ListItem>
<!-- CheckSum is printed as stored in the header; this view does not recompute or verify it. -->
<ListItem>
<Label>CheckSum</Label>
<ScriptBlock>"0x$($_.CheckSum.ToString('X8'))"</ScriptBlock>
</ListItem>
<ListItem>
<PropertyName>Subsystem</PropertyName>
</ListItem>
<ListItem>
<PropertyName>DllCharacteristics</PropertyName>
</ListItem>
<!-- The four stack and heap sizes below use the same Magic-based width switch as ImageBase. -->
<ListItem>
<Label>SizeOfStackReserve</Label>
<ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.SizeOfStackReserve.ToString('X8'))" } else { "0x$($_.SizeOfStackReserve.ToString('X16'))" }</ScriptBlock>
</ListItem>
<ListItem>
<Label>SizeOfStackCommit</Label>
<ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.SizeOfStackCommit.ToString('X8'))" } else { "0x$($_.SizeOfStackCommit.ToString('X16'))" }</ScriptBlock>
</ListItem>
<ListItem>
<Label>SizeOfHeapReserve</Label>
<ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.SizeOfHeapReserve.ToString('X8'))" } else { "0x$($_.SizeOfHeapReserve.ToString('X16'))" }</ScriptBlock>
</ListItem>
<ListItem>
<Label>SizeOfHeapCommit</Label>
<ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.SizeOfHeapCommit.ToString('X8'))" } else { "0x$($_.SizeOfHeapCommit.ToString('X16'))" }</ScriptBlock>
</ListItem>
<ListItem>
<PropertyName>LoaderFlags</PropertyName>
</ListItem>
<ListItem>
<PropertyName>NumberOfRvaAndSizes</PropertyName>
</ListItem>
<ListItem>
<PropertyName>DataDirectory</PropertyName>
</ListItem>
</ListItems>
</ListEntry>
</ListEntries>
</ListControl>
</View>
<!-- SectionHeaderView: auto-sized table for PE+_IMAGE_SECTION_HEADER objects, one row per section.
     The six column headers and the six column items pair up by position, so any column added or
     removed must be changed in both lists.
     VirtualSize, VirtualAddress, SizeOfRawData and PointerToRawData are rendered as "0x" plus 8
     zero-padded upper-case hex digits; Name and Characteristics are shown as the property renders.
     The numbers are displayed as stored in the section header; nothing here checks them against the file.
     NOTE(review): Name is printed without filtering. If it is built from the raw section-name bytes of
     an untrusted file it may contain non-printable characters; confirm where the value is sanitized. -->
<View>
<Name>SectionHeaderView</Name>
<ViewSelectedBy>
<TypeName>PE+_IMAGE_SECTION_HEADER</TypeName>
</ViewSelectedBy>
<TableControl>
<AutoSize/>
<TableHeaders>
<TableColumnHeader>
<Label>Name</Label>
<Alignment>Right</Alignment>
</TableColumnHeader>
<TableColumnHeader>
<Label>VirtualSize</Label>
</TableColumnHeader>
<TableColumnHeader>
<Label>VirtualAddress</Label>
</TableColumnHeader>
<TableColumnHeader>
<Label>SizeOfRawData</Label>
</TableColumnHeader>
<TableColumnHeader>
<Label>PointerToRawData</Label>
</TableColumnHeader>
<TableColumnHeader>
<Label>Characteristics</Label>
<Alignment>Left</Alignment>
</TableColumnHeader>
</TableHeaders>
<TableRowEntries>
<TableRowEntry>
<TableColumnItems>
<TableColumnItem>
<Alignment>Right</Alignment>
<PropertyName>Name</PropertyName>
</TableColumnItem>
<TableColumnItem>
<ScriptBlock>"0x$($_.VirtualSize.ToString('X8'))"</ScriptBlock>
</TableColumnItem>
<TableColumnItem>
<ScriptBlock>"0x$($_.VirtualAddress.ToString('X8'))"</ScriptBlock>
</TableColumnItem>
<TableColumnItem>
<ScriptBlock>"0x$($_.SizeOfRawData.ToString('X8'))"</ScriptBlock>
</TableColumnItem>
<TableColumnItem>
<ScriptBlock>"0x$($_.PointerToRawData.ToString('X8'))"</ScriptBlock>
</TableColumnItem>
<TableColumnItem>
<PropertyName>Characteristics</PropertyName>
</TableColumnItem>
</TableColumnItems>
</TableRowEntry>
</TableRowEntries>
</TableControl>
</View>
<!-- FileHeaderView: list layout for PE+_IMAGE_FILE_HEADER objects.
     All entries are bound by property name except TimeDateStamp, which is converted from a count
     of seconds since 1970-01-01 00:00:00 into a DateTime for display. -->
<View>
<Name>FileHeaderView</Name>
<ViewSelectedBy>
<TypeName>PE+_IMAGE_FILE_HEADER</TypeName>
</ViewSelectedBy>
<ListControl>
<ListEntries>
<ListEntry>
<ListItems>
<ListItem>
<PropertyName>Machine</PropertyName>
</ListItem>
<ListItem>
<PropertyName>NumberOfSections</PropertyName>
</ListItem>
<ListItem>
<Label>TimeDateStamp</Label>
<!-- GMT compile time: the header value is added, as seconds, to 1970-01-01 00:00:00.
     The DateTime is built without a DateTimeKind, so the result is not marked as UTC.
     Treat the displayed time as a hint rather than evidence: the field is written by the linker,
     can be changed freely afterwards, and reproducible builds may store a non-time value in it. -->
<ScriptBlock>(New-Object DateTime(1970, 1, 1, 0, 0, 0)).AddSeconds($_.TimeDateStamp)</ScriptBlock>
<!-- Disabled alternative: the same conversion shifted by 8 hours, for a compile time assumed to be
     in Redmond, Washington (PST, GMT-8). -->
<!-- <ScriptBlock>(New-Object DateTime(1969, 12, 31, 16, 0, 0)).AddSeconds($_.TimeDateStamp)</ScriptBlock> -->
</ListItem>
<ListItem>
<PropertyName>PointerToSymbolTable</PropertyName>
</ListItem>
<ListItem>
<PropertyName>NumberOfSymbols</PropertyName>
</ListItem>
<ListItem>
<PropertyName>SizeOfOptionalHeader</PropertyName>
</ListItem>
<ListItem>
<PropertyName>Characteristics</PropertyName>
</ListItem>
</ListItems>
</ListEntry>
</ListEntries>
</ListControl>
</View>
<!-- DataDirectoryView: auto-sized two-column table for PE+_IMAGE_DATA_DIRECTORY objects.
     Both VirtualAddress and Size are rendered as "0x" plus 8 zero-padded upper-case hex digits.
     Headers and column items pair up by position. The values are shown as stored; this view does
     not check that an address and size fall inside the image. -->
<View>
<Name>DataDirectoryView</Name>
<ViewSelectedBy>
<TypeName>PE+_IMAGE_DATA_DIRECTORY</TypeName>
</ViewSelectedBy>
<TableControl>
<AutoSize/>
<TableHeaders>
<TableColumnHeader>
<Label>VirtualAddress</Label>
</TableColumnHeader>
<TableColumnHeader>
<Label>Size</Label>
</TableColumnHeader>
</TableHeaders>
<TableRowEntries>
<TableRowEntry>
<TableColumnItems>
<TableColumnItem>
<ScriptBlock>"0x$($_.VirtualAddress.ToString('X8'))"</ScriptBlock>
</TableColumnItem>
<TableColumnItem>
<ScriptBlock>"0x$($_.Size.ToString('X8'))"</ScriptBlock>
</TableColumnItem>
</TableColumnItems>
</TableRowEntry>
</TableRowEntries>
</TableControl>
</View>
<!-- ImportView: auto-sized table for objects whose type name is Import, one row per imported function.
     All four columns are bound by property name with no script block, so values appear as the
     properties render them. Headers and column items pair up by position.
     NOTE(review): the second column is headed "VA/FT" but is bound to the RVA property; confirm that
     the label describes what the property actually holds.
     NOTE(review): ModuleName and FunctionName are printed without filtering. If they come straight from
     the import tables of an untrusted file they may contain non-printable characters; confirm where
     the strings are sanitized. -->
<View>
<Name>ImportView</Name>
<ViewSelectedBy>
<TypeName>Import</TypeName>
</ViewSelectedBy>
<TableControl>
<AutoSize/>
<TableHeaders>
<TableColumnHeader>
<Label>ModuleName</Label>
<Alignment>Right</Alignment>
</TableColumnHeader>
<TableColumnHeader>
<Label>VA/FT</Label>
</TableColumnHeader>
<TableColumnHeader>
<Label>Ordinal</Label>
</TableColumnHeader>
<TableColumnHeader>
<Label>FunctionName</Label>
</TableColumnHeader>
</TableHeaders>
<TableRowEntries>
<TableRowEntry>
<TableColumnItems>
<TableColumnItem>
<Alignment>Right</Alignment>
<PropertyName>ModuleName</PropertyName>
</TableColumnItem>
<TableColumnItem>
<PropertyName>RVA</PropertyName>
</TableColumnItem>
<TableColumnItem>
<PropertyName>Ordinal</PropertyName>
</TableColumnItem>
<TableColumnItem>
<PropertyName>FunctionName</PropertyName>
</TableColumnItem>
</TableColumnItems>
</TableRowEntry>
</TableRowEntries>
</TableControl>
</View>
<!-- ExportView: auto-sized table for objects whose type name is Export, one row per exported function.
     RVA, Ordinal, FunctionName and ForwardedName are bound by property name with no script block;
     unlike the header views, RVA is not reformatted as hex here. Headers and column items pair up
     by position.
     NOTE(review): FunctionName and ForwardedName are printed without filtering. If they come straight
     from the export table of an untrusted file they may contain non-printable characters; confirm
     where the strings are sanitized. -->
<View>
<Name>ExportView</Name>
<ViewSelectedBy>
<TypeName>Export</TypeName>
</ViewSelectedBy>
<TableControl>
<AutoSize/>
<TableHeaders>
<TableColumnHeader>
<Label>RVA</Label>
</TableColumnHeader>
<TableColumnHeader>
<Label>Ordinal</Label>
</TableColumnHeader>
<TableColumnHeader>
<Label>FunctionName</Label>
</TableColumnHeader>
<TableColumnHeader>
<Label>ForwardedName</Label>
</TableColumnHeader>
</TableHeaders>
<TableRowEntries>
<TableRowEntry>
<TableColumnItems>
<TableColumnItem>
<PropertyName>RVA</PropertyName>
</TableColumnItem>
<TableColumnItem>
<PropertyName>Ordinal</PropertyName>
</TableColumnItem>
<TableColumnItem>
<PropertyName>FunctionName</PropertyName>
</TableColumnItem>
<TableColumnItem>
<PropertyName>ForwardedName</PropertyName>
</TableColumnItem>
</TableColumnItems>
</TableRowEntry>
</TableRowEntries>
</TableControl>
</View>
</ViewDefinitions>
</Configuration>