# encoding: ascii
# api: powershell
# title: Get-PEManifest
# description: this is simplest (and correct) way to dump mainifest of PE
# version: 0.1
# type: function
# author: greg zakharov
# license: CC0
# function: Get-PEManifest
# x-poshcode-id: 4759
# x-archived: 2014-01-04T21:34:41
# x-published: 2014-01-02T07:50:00
#
#
function Get-PEManifest {
<#
.EXAMPLE
PS C:\>Get-PEManifets E:\SysInternals\whois.exe
.NOTES
Author: greg zakharov
#>
[CmdletBinding(SupportsShouldProcess=$true)]
param(
[Parameter(Mandatory=$true, Position=0, ValueFromPipeline=$true)]
[ValidateScript({Test-Path $_})]
[String]$FileName
)
begin {
Add-Type -Assembly System.Deployment
$SystemUtilsType = ([AppDomain]::CurrentDomain.GetAssemblies() | ? {
$_.Location.Split('\')[-1].Equals('System.Deployment.dll')
}).GetType('System.Deployment.Application.Win32InterOp.SystemUtils')
$SystemUtilsClass = [Activator]::CreateInstance($SystemUtilsType)
}
process {
if ($PSCmdlet.ShouldProcess($FileName, 'Dumping manifest of')) {
try {
-join ($SystemUtilsClass.GetType().InvokeMember('GetManifestFromPEResources',
[Reflection.BindingFlags]'Public, Static, InvokeMethod', $null,
$SystemUtilsType, @($FileName)) | % {[Char]$_})
}
catch {}
}
}
end {}
}