PETools/PETools.format.ps1xml
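<?xml version="1.0" encoding="utf-8" ?>
<!--
  PowerShell display-format definitions for the PE header types named in the
  ViewSelectedBy elements below.

  Fix in this revision: a stray "|" that followed the closing Configuration tag
  has been removed (text after the root element makes the document ill-formed),
  and the markup is laid out one element per line.

  Security notes for maintainers:
    * Every ScriptBlock element is PowerShell code that runs in the caller's
      session whenever a matching object is rendered. Give this file the same
      integrity controls (review, signing) as the module's scripts.
    * Every value shown here is read from the inspected file. For an untrusted
      binary, these fields are attacker-controlled input, not verified facts.
    * NOTE(review): text properties (Name, ModuleName, FunctionName,
      ForwardedName) are printed as-is. Whether the producer strips
      non-printable characters is not visible from this file; confirm.
-->
<Configuration>
  <SelectionSets>
    <!-- Lets one view serve both the PE32 and the PE32+ optional header type. -->
    <SelectionSet>
      <Name>OptionHeaderTypes</Name>
      <Types>
        <TypeName>PE+_IMAGE_OPTIONAL_HEADER32</TypeName>
        <TypeName>PE+_IMAGE_OPTIONAL_HEADER64</TypeName>
      </Types>
    </SelectionSet>
  </SelectionSets>
  <ViewDefinitions>
    <!-- Top-level summary of a parsed image: one list entry per header group. -->
    <View>
      <Name>PEView</Name>
      <ViewSelectedBy>
        <TypeName>PEHeader</TypeName>
      </ViewSelectedBy>
      <ListControl>
        <ListEntries>
          <ListEntry>
            <ListItems>
              <ListItem>
                <PropertyName>Module</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>DOSHeader</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>FileHeader</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>OptionalHeader</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>SectionHeaders</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>Imports</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>Exports</PropertyName>
              </ListItem>
            </ListItems>
          </ListEntry>
        </ListEntries>
      </ListControl>
    </View>
    <!--
      Optional header. Sizes and addresses are rendered as zero-padded hex.
      Fields rendered with the Magic test use 8 hex digits when Magic is
      'PE32' and 16 hex digits otherwise.
    -->
    <View>
      <Name>OptionalHeaderView</Name>
      <ViewSelectedBy>
        <SelectionSetName>OptionHeaderTypes</SelectionSetName>
      </ViewSelectedBy>
      <ListControl>
        <ListEntries>
          <ListEntry>
            <ListItems>
              <ListItem>
                <PropertyName>Magic</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>MajorLinkerVersion</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>MinorLinkerVersion</PropertyName>
              </ListItem>
              <ListItem>
                <Label>SizeOfCode</Label>
                <ScriptBlock>"0x$($_.SizeOfCode.ToString('X8'))"</ScriptBlock>
              </ListItem>
              <ListItem>
                <Label>SizeOfInitializedData</Label>
                <ScriptBlock>"0x$($_.SizeOfInitializedData.ToString('X8'))"</ScriptBlock>
              </ListItem>
              <ListItem>
                <Label>SizeOfUninitializedData</Label>
                <ScriptBlock>"0x$($_.SizeOfUninitializedData.ToString('X8'))"</ScriptBlock>
              </ListItem>
              <ListItem>
                <Label>AddressOfEntryPoint</Label>
                <ScriptBlock>"0x$($_.AddressOfEntryPoint.ToString('X8'))"</ScriptBlock>
              </ListItem>
              <ListItem>
                <Label>BaseOfCode</Label>
                <ScriptBlock>"0x$($_.BaseOfCode.ToString('X8'))"</ScriptBlock>
              </ListItem>
              <!--
                NOTE(review): the PE32+ optional header layout has no BaseOfData
                field. If PE+_IMAGE_OPTIONAL_HEADER64 does not expose such a
                property, this script block calls ToString on a null value for
                64-bit images. Confirm against the type definition.
              -->
              <ListItem>
                <Label>BaseOfData</Label>
                <ScriptBlock>"0x$($_.BaseOfData.ToString('X8'))"</ScriptBlock>
              </ListItem>
              <ListItem>
                <Label>ImageBase</Label>
                <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.ImageBase.ToString('X8'))" } else { "0x$($_.ImageBase.ToString('X16'))" }</ScriptBlock>
              </ListItem>
              <ListItem>
                <Label>SectionAlignment</Label>
                <ScriptBlock>"0x$($_.SectionAlignment.ToString('X8'))"</ScriptBlock>
              </ListItem>
              <ListItem>
                <Label>FileAlignment</Label>
                <ScriptBlock>"0x$($_.FileAlignment.ToString('X8'))"</ScriptBlock>
              </ListItem>
              <ListItem>
                <PropertyName>MajorOperatingSystemVersion</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>MinorOperatingSystemVersion</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>MajorSubsystemVersion</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>MinorSubsystemVersion</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>Win32VersionValue</PropertyName>
              </ListItem>
              <ListItem>
                <Label>SizeOfImage</Label>
                <ScriptBlock>"0x$($_.SizeOfImage.ToString('X8'))"</ScriptBlock>
              </ListItem>
              <ListItem>
                <Label>SizeOfHeaders</Label>
                <ScriptBlock>"0x$($_.SizeOfHeaders.ToString('X8'))"</ScriptBlock>
              </ListItem>
              <!--
                CheckSum is shown exactly as stored in the header. This view
                does not recompute or validate it, so a matching-looking value
                says nothing about file integrity.
              -->
              <ListItem>
                <Label>CheckSum</Label>
                <ScriptBlock>"0x$($_.CheckSum.ToString('X8'))"</ScriptBlock>
              </ListItem>
              <ListItem>
                <PropertyName>Subsystem</PropertyName>
              </ListItem>
              <!--
                In the PE format DllCharacteristics carries the mitigation
                opt-in flags (for example DYNAMIC_BASE and NX_COMPAT). It is
                shown with the property's default rendering.
              -->
              <ListItem>
                <PropertyName>DllCharacteristics</PropertyName>
              </ListItem>
              <ListItem>
                <Label>SizeOfStackReserve</Label>
                <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.SizeOfStackReserve.ToString('X8'))" } else { "0x$($_.SizeOfStackReserve.ToString('X16'))" }</ScriptBlock>
              </ListItem>
              <ListItem>
                <Label>SizeOfStackCommit</Label>
                <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.SizeOfStackCommit.ToString('X8'))" } else { "0x$($_.SizeOfStackCommit.ToString('X16'))" }</ScriptBlock>
              </ListItem>
              <ListItem>
                <Label>SizeOfHeapReserve</Label>
                <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.SizeOfHeapReserve.ToString('X8'))" } else { "0x$($_.SizeOfHeapReserve.ToString('X16'))" }</ScriptBlock>
              </ListItem>
              <ListItem>
                <Label>SizeOfHeapCommit</Label>
                <ScriptBlock>if ($_.Magic.ToString() -eq 'PE32') { "0x$($_.SizeOfHeapCommit.ToString('X8'))" } else { "0x$($_.SizeOfHeapCommit.ToString('X16'))" }</ScriptBlock>
              </ListItem>
              <ListItem>
                <PropertyName>LoaderFlags</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>NumberOfRvaAndSizes</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>DataDirectory</PropertyName>
              </ListItem>
            </ListItems>
          </ListEntry>
        </ListEntries>
      </ListControl>
    </View>
    <!-- Section table: one row per section, numeric columns as 8-digit hex. -->
    <View>
      <Name>SectionHeaderView</Name>
      <ViewSelectedBy>
        <TypeName>PE+_IMAGE_SECTION_HEADER</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <AutoSize/>
        <TableHeaders>
          <TableColumnHeader>
            <Label>Name</Label>
            <Alignment>Right</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>VirtualSize</Label>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>VirtualAddress</Label>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>SizeOfRawData</Label>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>PointerToRawData</Label>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>Characteristics</Label>
            <Alignment>Left</Alignment>
          </TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem>
                <Alignment>Right</Alignment>
                <PropertyName>Name</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <ScriptBlock>"0x$($_.VirtualSize.ToString('X8'))"</ScriptBlock>
              </TableColumnItem>
              <TableColumnItem>
                <ScriptBlock>"0x$($_.VirtualAddress.ToString('X8'))"</ScriptBlock>
              </TableColumnItem>
              <TableColumnItem>
                <ScriptBlock>"0x$($_.SizeOfRawData.ToString('X8'))"</ScriptBlock>
              </TableColumnItem>
              <TableColumnItem>
                <ScriptBlock>"0x$($_.PointerToRawData.ToString('X8'))"</ScriptBlock>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>Characteristics</PropertyName>
              </TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- COFF file header. -->
    <View>
      <Name>FileHeaderView</Name>
      <ViewSelectedBy>
        <TypeName>PE+_IMAGE_FILE_HEADER</TypeName>
      </ViewSelectedBy>
      <ListControl>
        <ListEntries>
          <ListEntry>
            <ListItems>
              <ListItem>
                <PropertyName>Machine</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>NumberOfSections</PropertyName>
              </ListItem>
              <!--
                TimeDateStamp is converted as seconds since 1970-01-01 00:00:00.
                The field is written by the build toolchain and can be changed
                afterwards, and reproducible builds may store a non-time value
                in it. Treat the displayed date as a hint, not as evidence of
                when the binary was built.
              -->
              <ListItem>
                <Label>TimeDateStamp</Label>
                <!-- GMT compile time -->
                <ScriptBlock>(New-Object DateTime(1970, 1, 1, 0, 0, 0)).AddSeconds($_.TimeDateStamp)</ScriptBlock>
                <!-- Compile time assuming it was compiled in Redmond, Washington (PST - GMT-8) -->
                <!-- <ScriptBlock>(New-Object DateTime(1969, 12, 31, 16, 0, 0)).AddSeconds($_.TimeDateStamp)</ScriptBlock> -->
              </ListItem>
              <ListItem>
                <PropertyName>PointerToSymbolTable</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>NumberOfSymbols</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>SizeOfOptionalHeader</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>Characteristics</PropertyName>
              </ListItem>
            </ListItems>
          </ListEntry>
        </ListEntries>
      </ListControl>
    </View>
    <!-- Data directory entries: address and size as 8-digit hex. -->
    <View>
      <Name>DataDirectoryView</Name>
      <ViewSelectedBy>
        <TypeName>PE+_IMAGE_DATA_DIRECTORY</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <AutoSize/>
        <TableHeaders>
          <TableColumnHeader>
            <Label>VirtualAddress</Label>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>Size</Label>
          </TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem>
                <ScriptBlock>"0x$($_.VirtualAddress.ToString('X8'))"</ScriptBlock>
              </TableColumnItem>
              <TableColumnItem>
                <ScriptBlock>"0x$($_.Size.ToString('X8'))"</ScriptBlock>
              </TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!--
      Import table rows. The second column is labelled "VA/FT" but is bound to
      the RVA property of the Import object.
    -->
    <View>
      <Name>ImportView</Name>
      <ViewSelectedBy>
        <TypeName>Import</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <AutoSize/>
        <TableHeaders>
          <TableColumnHeader>
            <Label>ModuleName</Label>
            <Alignment>Right</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>VA/FT</Label>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>Ordinal</Label>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>FunctionName</Label>
          </TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem>
                <Alignment>Right</Alignment>
                <PropertyName>ModuleName</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>RVA</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>Ordinal</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>FunctionName</PropertyName>
              </TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- Export table rows, including the forwarder string when present. -->
    <View>
      <Name>ExportView</Name>
      <ViewSelectedBy>
        <TypeName>Export</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <AutoSize/>
        <TableHeaders>
          <TableColumnHeader>
            <Label>RVA</Label>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>Ordinal</Label>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>FunctionName</Label>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>ForwardedName</Label>
          </TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem>
                <PropertyName>RVA</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>Ordinal</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>FunctionName</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>ForwardedName</PropertyName>
              </TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
  </ViewDefinitions>
</Configuration>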