PoshCode Archive  Artifact [ebb27225e8]

Check-ins Using Download Hex

Artifact ebb27225e82a8b5444686961c4a2c7ccb4ce09147b199b76bcc0ad109527d49c:

  • File Expand-PEInfo-fix-1.ps1 — part of check-in [6fe1874394] at 2018-06-10 13:45:32 on branch trunk — first fix for Expand-PEInfo (http://poshcode.org/4764) (user: greg zakharov size: 3196) 
# encoding: ascii
# api: powershell
# title: Expand-PEInfo (fix 1)
# description: first fix for Expand-PEInfo (http://poshcode.org/4764)
# version: 0.1
# type: function
# author: greg zakharov
# license: CC0
# function: Trace-BinaryReader
# x-poshcode-id: 4765
# x-archived: 2014-01-06T04:10:33
# x-published: 2014-01-03T12:10:00
#
#
function script:Get-Class([String]$Assembly, [String]$Class) {
  return ([AppDomain]::CurrentDomain.GetAssemblies() | ? {
    $_.Location.Split('\')[-1].Equals($Assembly)
  }).GetType($Class)
}

function script:Test-Assembly([String]$Wildcard) {
  if (-not $Wildcard.EndsWith('*')) {$Wildcard += '*'}
  
  return (([AppDomain]::CurrentDomain.GetAssemblies() | ? {
    $_.FullName -like $Wildcard
  }) -ne $null)
}

function script:Get-PEValues([String]$FileName) {
  begin {
    if (-not (Test-Assembly System.Deployment)) {
      Add-Type -Assembly System.Deployment
    }

    $PEStream = Get-Class System.Deployment.dll System.Deployment.Application.PEStream
    
    $IMAGE_DOS_HEADER        = [Activator]::CreateInstance(
      $PEStream.GetNestedType('IMAGE_DOS_HEADER', 'NonPublic')
    )
    $IMAGE_FILE_HEADER       = [Activator]::CreateInstance(
      $PEStream.GetNestedType('IMAGE_FILE_HEADER', 'NonPublic')
    )
    $IMAGE_OPTIONAL_HEADER32 = [Activator]::CreateInstance(
      $PEStream.GetNestedType('IMAGE_OPTIONAL_HEADER32', 'NonPublic')
    )
    
    function Trace-BinaryReader([IO.BinaryReader]$reader, [Object]$data) {
      $bytes = $br.ReadBytes(
        [Runtime.InteropServices.Marshal]::SizeOf($data)
      )
      $hndl = [Runtime.InteropServices.GCHandle]::Alloc(
        $bytes, [Runtime.InteropServices.GCHandleType]::Pinned
      )
      $struct = [Runtime.InteropServices.Marshal]::PtrToStructure(
        $hndl.AddrOfPinnedObject(), $data.GetType()
      )
      $hndl.Free()
      
      return $struct
    }
    
    function Trace-TimeStamp([Object]$stamp) {
      return [TimeZone]::CurrentTimeZone.ToLocalTime(
        ([DateTime]'1.1.1970').AddSeconds($stamp)
      )
    }
    
    function Format-Output([Object]$type) {
      $type.PSObject.Properties | % {'{0, 16} {1}' -f ('{0:X}' -f $_.Value), $_.Name}
    }
  }
  process {
    try {
      $fs = New-Object IO.FileStream($FileName, [IO.FileMode]::Open, [IO.FileAccess]::Read)
      $br = New-Object IO.BinaryReader($fs)
      
      $dos = Trace-BinaryReader $br $IMAGE_DOS_HEADER
      [void]$fs.Seek($dos.e_lfanew, [IO.SeekOrigin]::Begin)
      $sig = $br.ReadUInt32()
      
      $fh = Trace-BinaryReader $br $IMAGE_FILE_HEADER
      if ($fh.Machine -eq 0x14c) {
        $pe32 = Trace-BinaryReader $br $IMAGE_OPTIONAL_HEADER32
      }
      
    }
    finally {
      if ($br -ne $null) {$br.Close()}
      if ($fs -ne $null) {$fs.Close()}
    }
  }
  end {
    "FILE HEADER VALUES`n$('-' * 35)"
    Format-Output $fh
    "$('-' * 35)`nTime date stamp $(Trace-TimeStamp $fh.TimeDateStamp)"
    "Machine type is $(switch($fh.Machine){0x14c{'32-bit'}0x200{'Itanium'}0x8664{'64-bit'}})"
    "`n`nOPTIONAL HEADER VALUES`n$('-' * 35)"
    Format-Output $pe32
  }
}
Fossil 2.20 [0d61fd2310] 2022-10-28 19:48:33
This page was generated in about 0.011s