NetSPI / PESecurity

PowerShell module to check if a Windows binary (EXE/DLL) has been compiled with ASLR, DEP, SafeSEH, StrongNaming, and Authenticode.
https://blog.netspi.com/verifying-aslr-dep-and-safeseh-with-powershell/
MIT License

InvalidOperation in windows 10 #21

Closed dchjung closed 3 years ago

dchjung commented 3 years ago

Hi, I have a problem using this.

PS C:\Users\JHW_N-491> Import-Module -FullyQualifiedName 'D:\Work\PESecurity-master\Get-PESecurity.psm1' -DisableNameChecking
PS C:\Users\JHW_N-491> Get-Command -Name Get-PESecurity

CommandType     Name               Version    Source
Function        Get-PESecurity     0.0        Get-PESecurity

PS C:\Users\JHW_N-491> Get-Help -Name Get-PESecurity

NAME Get-PESecurity

SYNTAX Get-PESecurity [[-File] ] [[-Recursive]] [[-SkipAuthenticode]] []

ALIASES None

REMARKS None

PS C:\Users\JHW_N-491> Get-PESecurity -file 'C:\Windows\System32\kernel32.dll'

InvalidOperation: D:\Work\PESecurity-master\Get-PESecurity.psm1:49 Line | 49 | $AssemblyBuilder = $Domain.DefineDynamicAssembly($DynAssembly, 'R … | ~~~~~~~~~~~~~ | Method invocation failed because [System.AppDomain] does not contain a method named | 'DefineDynamicAssembly'.

InvalidOperation: D:\Work\PESecurity-master\Get-PESecurity.psm1:50 Line | 50 | $Mod = $AssemblyBuilder.DefineDynamicModule($ModuleName, $false) | ~~~~~~~~~~~~~~~~ | You cannot call a method on a null-valued expression.

enumerate: D:\Work\PESecurity-master\Get-PESecurity.psm1:52 Line | 52 | $ImageDosSignature = enumerate $Mod PE.IMAGE_DOS_SIGNATURE UInt16 … | ~~~~ | Cannot bind argument to parameter 'Module' because it is null.

enumerate: D:\Work\PESecurity-master\Get-PESecurity.psm1:59 Line | 59 | $ImageFileMachine = enumerate $Mod PE.IMAGE_FILE_MACHINE UInt16 @ … | ~~~~ | Cannot bind argument to parameter 'Module' because it is null.

enumerate: D:\Work\PESecurity-master\Get-PESecurity.psm1:91 Line | 91 | $ImageFileCharacteristics = enumerate $Mod PE.IMAGE_FILE_CHARACTE … | ~~~~ | Cannot bind argument to parameter 'Module' because it is null.

enumerate: D:\Work\PESecurity-master\Get-PESecurity.psm1:109 Line | 109 | $ImageHdrMagic = enumerate $Mod PE.IMAGE_NT_OPTIONAL_HDR_MAGIC UI … | ~~~~ | Cannot bind argument to parameter 'Module' because it is null.

enumerate: D:\Work\PESecurity-master\Get-PESecurity.psm1:114 Line | 114 | $ImageNTSig = enumerate $Mod PE.IMAGE_NT_SIGNATURE UInt32 @{ | ~~~~ | Cannot bind argument to parameter 'Module' because it is null.

enumerate: D:\Work\PESecurity-master\Get-PESecurity.psm1:118 Line | 118 | $ImageSubsystem = enumerate $Mod PE.IMAGE_SUBSYSTEM UInt16 @{ | ~~~~ | Cannot bind argument to parameter 'Module' because it is null.

enumerate: D:\Work\PESecurity-master\Get-PESecurity.psm1:135 Line | 135 | $ImageDllCharacteristics = enumerate $Mod PE.IMAGE_DLLCHARACTERIS … | ~~~~ | Cannot bind argument to parameter 'Module' because it is null.

enumerate: D:\Work\PESecurity-master\Get-PESecurity.psm1:148 Line | 148 | $ImageScn = enumerate $Mod PE.IMAGE_SCN Int32 @{ | ~~~~ | Cannot bind argument to parameter 'Module' because it is null.

field: D:\Work\PESecurity-master\Get-PESecurity.psm1:189 Line | 189 | e_magic = field 0 $ImageDosSignature | ~~~~~~ | Cannot bind argument to parameter 'Type' because it is null.

field: D:\Work\PESecurity-master\Get-PESecurity.psm1:211 Line | 211 | Machine = field 0 $ImageFileMachine | ~~~~~ | Cannot bind argument to parameter 'Type' because it is null.

struct: D:\Work\PESecurity-master\Get-PESecurity.psm1:220 Line | 220 | $PeImageDataDir = struct $Mod PE.IMAGE_DATA_DIRECTORY @{ | ~~~~ | Cannot bind argument to parameter 'Module' because it is null.

field: D:\Work\PESecurity-master\Get-PESecurity.psm1:226 Line | 226 | Magic = field 0 $ImageHdrMagic | ~~~~~~ | Cannot bind argument to parameter 'Type' because it is null.

field: D:\Work\PESecurity-master\Get-PESecurity.psm1:260 Line | 260 | Magic = field 0 $ImageHdrMagic | ~~~~~~ | Cannot bind argument to parameter 'Type' because it is null.

field: D:\Work\PESecurity-master\Get-PESecurity.psm1:302 Line | 302 | Characteristics = field 9 $ImageScn | ~~~~~ | Cannot bind argument to parameter 'Type' because it is null.

struct: D:\Work\PESecurity-master\Get-PESecurity.psm1:305 Line | 305 | $ImageConfigDirectory = struct $Mod PE.IMAGE_LOAD_CONFIG_DIRECTOR … | ~~~~ | Cannot bind argument to parameter 'Module' because it is null.

field: D:\Work\PESecurity-master\Get-PESecurity.psm1:340 Line | 340 | Signature = field 0 $ImageNTSig | ~~~ | Cannot bind argument to parameter 'Type' because it is null.

field: D:\Work\PESecurity-master\Get-PESecurity.psm1:346 Line | 346 | Signature = field 0 $ImageNTSig | ~~~ | Cannot bind argument to parameter 'Type' because it is null.

InvalidOperation: D:\Work\PESecurity-master\Get-PESecurity.psm1:424 Line | 424 | $DosHeader = $PEBaseAddr -as $ImageDosHeader | ~~~~~~~~~~~~ | The right operand of '-as' must be a type.

InvalidOperation: D:\Work\PESecurity-master\Get-PESecurity.psm1:430 Line | 430 | $NTHeader = $PointerNtHeader -as $ImageNTHdrs | ~~~~~~~~~ | The right operand of '-as' must be a type.

InvalidOperation: D:\Work\PESecurity-master\Get-PESecurity.psm1:451 Line | 451 | if($NTHeader.OptionalHeader.DataDirectory[14].VirtualAddress -ne … | ~~~~~~~~~~~~~~ | Cannot index into a null array.

InvalidOperation: D:\Work\PESecurity-master\Get-PESecurity.psm1:455 Line | 455 | $ARCH = $NTHeader.FileHeader.Machine.toString() | ~~~~~~~~~~~ | You cannot call a method on a null-valued expression.

InvalidOperation: D:\Work\PESecurity-master\Get-PESecurity.psm1:456 Line | 456 | $FileCharacteristics = $NTHeader.FileHeader.Characteristics.toStr … | ~~~~~~~~~~~~~ | You cannot call a method on a null-valued expression.

InvalidOperation: D:\Work\PESecurity-master\Get-PESecurity.psm1:457 Line | 457 | $DllCharacteristics = $NTHeader.OptionalHeader.DllCharacteristics … | ~~~~~~~~~~~~~ | You cannot call a method on a null-valued expression.

MethodInvocationException: D:\Work\PESecurity-master\Get-PESecurity.psm1:609 Line | 609 | $PointerSectionHeader = [IntPtr] ($PointerNtHeader.ToInt64() + [Sys … | ~~~~~~~~~~~~~~~ | Exception calling "SizeOf" with "1" argument(s): "Value cannot be null. (Parameter 't')"

New-Object: D:\Work\PESecurity-master\Get-PESecurity.psm1:611 Line | 611 | $SectionHeaders = @(New-Object $ImageSectionHdrs) * $NumSections | ~~~~~ | Cannot bind argument to parameter 'TypeName' because it is null.

InvalidOperation: D:\Work\PESecurity-master\Get-PESecurity.psm1:615 Line | 615 | $SectionHeaders[$i] = [System.Runtime.InteropServices.Marshal]::P … | ~~~~~~~~~~~~~ | You cannot call a method on a null-valued expression.

InvalidOperation: D:\Work\PESecurity-master\Get-PESecurity.psm1:615 Line | 615 | $SectionHeaders[$i] = [System.Runtime.InteropServices.Marshal]::P … | ~~~~~~~~~~~~~ | You cannot call a method on a null-valued expression.

InvalidOperation: D:\Work\PESecurity-master\Get-PESecurity.psm1:617 Line | 617 | $ConfigPointer = [IntPtr] ($PEBaseAddr.ToInt64() + $NTHeader.Option … | ~~~~~~~~~~~~~~~ | Cannot index into a null array.

Convert-RVAToFileOffset: D:\Work\PESecurity-master\Get-PESecurity.psm1:618 Line | 618 | $ConfigPointer = Convert-RVAToFileOffset $ConfigPointer | ~~~~~~ | Cannot process argument transformation on parameter 'Rva'. Cannot convert null to type "System.IntPtr".

InvalidArgument: D:\Work\PESecurity-master\Get-PESecurity.psm1:619 Line | 619 | $ConfigDirectory = [System.Runtime.InteropServices.Marshal]::PtrToS … | ~~~~~~~~~~~~~~~ | Cannot convert null to type "System.IntPtr".

InvalidOperation: D:\Work\PESecurity-master\Get-PESecurity.psm1:623 Line | 623 | if($NTHeader.OptionalHeader.DataDirectory[10].VirtualAddress -eq 0) | ~~~~~~~~~~~~~~~ | Cannot index into a null array.

FileName         : C:\Windows\System32\kernel32.dll
ARCH             :
DotNET           : False
ASLR             : False
DEP              : False
Authenticode     : True
StrongNaming     : N/A
SafeSEH          : False
ControlFlowGuard : False
HighentropyVA    : False

Do you have any idea?

egru commented 3 years ago

Just tried and it's working for me using PowerShell versions 1 through 5.

PS C:\> Get-PESecurity -file 'C:\Windows\System32\kernel32.dll'

FileName         : C:\Windows\System32\kernel32.dll
ARCH             : AMD64
DotNET           : False
ASLR             : True
DEP              : True
Authenticode     : True
StrongNaming     : N/A
SafeSEH          : N/A
ControlFlowGuard : True
HighentropyVA    : True

Are you using PowerShell Core or .NET Core?
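
Added example, not part of the thread and not PESecurity code: the first error in the report shows that the host's `[System.AppDomain]` has no `DefineDynamicAssembly` method, so every later type is null and the final table (empty `ARCH`, all flags `False`) was produced from null headers. The function below reads the same header flags directly with `System.IO.BinaryReader`, which needs no dynamic assembly; `Get-PEHeaderMitigation` is a hypothetical name, and SafeSEH, Authenticode and strong naming are outside its scope.

```powershell
# Added example, not PESecurity code. Get-PEHeaderMitigation is a hypothetical name.
function Get-PEHeaderMitigation {
    param([Parameter(Mandatory = $true)][string]$Path)

    $full   = (Resolve-Path -LiteralPath $Path).ProviderPath
    $stream = [System.IO.File]::OpenRead($full)
    $reader = New-Object System.IO.BinaryReader($stream)
    try {
        # IMAGE_DOS_HEADER: e_magic ('MZ') at 0x00, e_lfanew at 0x3C
        if ($stream.Length -lt 0x40 -or $reader.ReadUInt16() -ne 0x5A4D) {
            throw "Not an MZ image: $full"
        }
        $stream.Position = 0x3C
        $nt = $reader.ReadInt32()
        # Need signature (4) + file header (20) + first 72 bytes of the optional header
        if ($nt -le 0 -or ($nt + 96) -gt $stream.Length) {
            throw "e_lfanew out of range: $full"
        }
        $stream.Position = $nt
        if ($reader.ReadUInt32() -ne 0x00004550) { throw "Missing PE signature: $full" }

        $machine = $reader.ReadUInt16()          # IMAGE_FILE_HEADER.Machine
        $stream.Position = $nt + 22
        $fileChars = $reader.ReadUInt16()        # IMAGE_FILE_HEADER.Characteristics
        $magic = $reader.ReadUInt16()            # optional header Magic, at $nt + 24
        if ($magic -ne 0x10B -and $magic -ne 0x20B) { throw "Unknown optional header magic: $full" }
        # DllCharacteristics sits at offset 70 of the optional header in PE32 and PE32+
        $stream.Position = $nt + 24 + 70
        $dll = $reader.ReadUInt16()
    }
    finally { $reader.Close() }                  # also closes the underlying stream

    $machines = @{ 0x014C = 'I386'; 0x8664 = 'AMD64'; 0xAA64 = 'ARM64' }
    $arch = $machines[[int]$machine]
    if (-not $arch) { $arch = '0x{0:X4}' -f $machine }

    [pscustomobject]@{
        FileName         = $full
        PSEdition        = $PSVersionTable.PSEdition        # 'Core' or 'Desktop'
        ARCH             = $arch
        RelocsStripped   = [bool]($fileChars -band 0x0001)  # IMAGE_FILE_RELOCS_STRIPPED
        ASLR             = [bool]($dll -band 0x0040)        # DYNAMIC_BASE
        DEP              = [bool]($dll -band 0x0100)        # NX_COMPAT
        ControlFlowGuard = [bool]($dll -band 0x4000)        # GUARD_CF
        HighentropyVA    = [bool]($dll -band 0x0020)        # HIGH_ENTROPY_VA
    }
}

Get-PEHeaderMitigation -Path 'C:\Windows\System32\kernel32.dll'
```

Read `ASLR` together with `RelocsStripped`: an executable whose relocations were stripped cannot be rebased, whatever the `DYNAMIC_BASE` bit says.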