Skip to content

armaber/scripts

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

63 Commits
DecodeIoctl
DecodeIoctl
 
 
DisassembleImage
DisassembleImage
 
 
GenerateEtl
GenerateEtl
 
 
NativeHotPlugSupport
NativeHotPlugSupport
 
 
PCITree
PCITree
 
 
WinSlashMemory
WinSlashMemory
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 

Repository files navigation

Repository for lightweight scripts, mostly PowerShell, to query OS services.

  • IoDecode.ps1 shows the human readable IOCTL given a number. It keeps a local cache, in case the SDK is not installed. Otherwise, the header files are parsed.
  • UfSymbol.ps1 disassemble the Windows kernel or a Memory.DMP file to build a call tree.
  • GenerateEtl.ps1 automate ETL provider configuration = start + stop, autostart, decode resulting file to interpret the traces.
  • PCITree.ps1 view the PCI tree on UEFI systems, like Device Manager. Output rendered to console or as .html file, with a progress bar for large topologies.
  • WinSlashMemory.py a python middleware + driver that maps any I/O PAGE_SIZE for read or write.

About

No description, website, or topics provided.

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages