This repository has been archived by the owner on May 31, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 44
/
Copy pathListDlls.ps1
79 lines (73 loc) · 2.15 KB
/
ListDlls.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
<#
.Synopsis
Gets the DLLs loaded by processes on the system.
.DESCRIPTION
Gets the DLLs loaded by processes on the system.
.EXAMPLE
Get-Dll -ProcessName Notepad
.EXAMPLE
Get-Dll -ModuleName mydll.dll
#>
function Get-Dll
{
[CmdletBinding()]
param(
# The process to get the DLLs of
[Parameter(ValueFromPipeline=$true, ParameterSetName="Process")]
[System.Diagnostics.Process]$Process,
# The process name to get the DLLs of
[Parameter(ValueFromPipeline=$true, ParameterSetName="ProcessName")]
[String]$ProcessName = "",
# The process ID to get the DLLs of
[Parameter(ValueFromPipeline=$true, ParameterSetName="ProcessId")]
[Int]$ProcessId = 0,
# The module name to search for
[Parameter()]
[String]$ModuleName,
# Whether to returned only unsigned modules
[Parameter()]
[Switch]$Unsigned
)
Begin{
$script:Modules = @()
$script:Processes = @()
}
Process {
if ($Process -ne $null)
{
$Modules += $Process.Modules
}
elseif (-not [String]::IsNullOrEmpty($ProcessName))
{
$Modules += Get-Process -Name $ProcessName | Select-Object -ExpandProperty Modules
}
elseif ($ProcessId -ne 0)
{
$Modules += Get-Process -Id $ProcessId | Select-Object -ExpandProperty Modules
}
elseif(-not [String]::IsNullOrEmpty($ModuleName))
{
$Processes = Get-Process | Where-Object { ($_.Modules).ModuleName -Contains $ModuleName }
}
else
{
$Modules += Get-Process | Select-Object -ExpandProperty Modules
}
}
End {
if ($Processes.Length -gt 0)
{
$Processes
return
}
if (-not [String]::IsNullOrEmpty($ModuleName))
{
$Modules = $Modules | Where-Object { $_.ModuleName -eq $ModuleName }
}
if ($Unsigned)
{
$Modules = $Modules | Where { -not [PoshInternals.AuthenticodeTools]::IsTrusted($_.FileName) }
}
$Modules
}
}