search

PowerShellMafia / PowerSploit

PowerSploit - A PowerShell Post-Exploitation Framework
Other
11.93k stars 4.61k forks source link

Get-PEHeader: Add Importing/ExportingModule to Dll Imports and Exports #46

Closed powercode closed 10 years ago

powercode commented 10 years ago

How do you feel about adding an extra field with the module name to the objects representing Import and Export table items?

Maybe Importer and Exporter? Or ImportingModule and ExportingModule?

It would make it easer to process them in a pipeline. Ex: Get-PEHeader *.dll | % Imports | where FunctionName -eq realloc | where ModuleName -eq msvcrt.dll | foreach Importer

Get-PEHeader *.dll | % Exports | where FunctionName -eq realloc | where ModuleName -eq msvcrt.dll | foreach Exporter

I'd be happy to send you a pull request if you like the idea.

mattifestation commented 10 years ago

Done. You'll find the Import and Export descriptor tables in the new Get-PE in PowerShellArsenal - https://github.com/mattifestation/PowerShellArsenal/blob/master/Parsers/Get-PE.ps1

Thanks, Matt