Posts Tagged ‘win32’

PoshInternals – Multi Desktop Support

One really neat SysInternals tool is Desktops. It allows for managing several virtual workspaces, known as desktops, on Windows machines. Unlike Linux, which offers a built-in way to switch between desktops, Windows does not natively expose a way to do so. The cmdlets added to PoshInternals now allow you to manage these virtual desktops right […]

PoshInternals – Get-Dll

The ListDlls SysInternals tool is used to list the DLLs that are loaded into processes on the system. It can either return DLLs for all processes, a single process or return processes that contain a particular DLL. It also has the ability to flag DLLs that are rebased and unsigned. Most of this functionality is […]

PoshInternals – Move-FileOnReboot, Remove-FileOnReboot and Get-PendingFileRenameOperation

Other posts found in this series: PoshInternals – Get-Handle. Another cool tool in the SysInternals suite is MoveFile and PendMoves. Rather than moving the file immediately, the tool is used to move, rename or delete a file on restart. The System Manager looks at a special registry key to determine which files are candidates […]

PoshInternals – Get-Handle

Other posts found in this series: PoshInternals – Move-FileOnReboot, Remove-FileOnReboot, Get-PendingFileRenameOperation. The SysInternals suite is a collection of tools authored by Mark Russinovich. The tools offer all kinds of deep system analysis for Windows. Some of the most commonly used tools include Process Explorer, Process Monitor and psexec. I use them all the time. After much […]

Using Unregistered COM Objects in PowerShell

PowerShell interops with COM components beautifully. It’s very easy to instantiate a COM object and discover what it can do. This makes working with legacy systems much easier. One problem with COM is that it requires a component to be registered on the system before it can be used, which in turn requires administrative privileges. Recently, I have […]

Detouring Win32 Function Calls in PowerShell

Detouring Win32 API function calls is a more common practice than some may think. A long-standing Microsoft Research project has made this very easy in unmanaged code. The Detours project injects a hook in between a process and a Windows library (or any library, for that matter). So when the process goes to call […]