ReverseEngineering/ProcessModuleTrace.format.ps1xml
|
<?xml version="1.0" encoding="utf-8" ?> <Configuration> <ViewDefinitions> <View> <Name>ProcessModuleTraceView</Name> <ViewSelectedBy> <TypeName>LOADED_MODULE</TypeName> </ViewSelectedBy> <ListControl> <ListEntries> <ListEntry> <ListItems> <ListItem> <PropertyName>TimeCreated</PropertyName> </ListItem> <ListItem> <PropertyName>ProcessId</PropertyName> </ListItem> <ListItem> <PropertyName>FileName</PropertyName> </ListItem> <ListItem> <Label>ImageBase</Label> <ScriptBlock>"0x$($_.ImageBase.ToString("X$([IntPtr]::Size * 2)"))"</ScriptBlock> </ListItem> <ListItem> <PropertyName>ImageSize</PropertyName> <FormatString>0x{0:X8}</FormatString> </ListItem> </ListItems> </ListEntry> </ListEntries> </ListControl> </View> </ViewDefinitions> </Configuration> |