
Dump-GUY


DTrace for Windows

https://github.com/microsoft/DTrace-on-Windows

Overview

DTrace for Windows is a port of the opensource release of DTrace originally developed by Sun for Solaris in 2005. DTrace allows for high performance function tracing with access to typed arguments and statistical event collection. DTrace utilizes several types of instrumentation or trace frameworks provided by Windows including ETW, a system call tracer, a kernel function tracer, and a userland function tracer.

Installation / Build Notes

Dump-GUY / PE-Inspect-PortableExecutable-Namespace.ps1
Created March 4, 2025 01:55
PowerShell (pwsh): PE-Inspect-PortableExecutable-Namespace
# Recursively print an object's properties, indenting nested values; recursion stops after $Depth levels.
function Expand-Properties($Object, $Depth = 5, $Indent = 0) {
    if ($Depth -le 0 -or $null -eq $Object) { return }
    $prefix = " " * $Indent
    $Object | gm -m Property | % {
        $pValue = $Object.$($_.Name)
        if ($pValue -is [Enum]) { Write-Host "$prefix$($_.Name): " -F Green -N; Write-Host "$pValue" -F Blue }
        elseif ($null -eq $pValue) { Write-Host "$prefix$($_.Name): " -F Green -N; Write-Host "(null)" -F Blue }
        # Collections (strings excluded): expand every element one level deeper
        elseif ($pValue -is [Collections.IEnumerable] -and $pValue -isnot [string]) { Write-Host "$prefix$($_.Name): " -F Green; $pValue | % { Expand-Properties $_ ($Depth - 1) ($Indent + 4) } }
        # Nested objects and System.Reflection types: recurse into their properties
        elseif ($pValue -is [PSObject] -or $pValue.GetType().Namespace -match "^System\.Reflection") { Write-Host "$prefix$($_.Name): " -F Green; Expand-Properties $pValue ($Depth - 1) ($Indent + 4) }
        else { Write-Host "$prefix$($_.Name): " -F Green -N; Write-Host "$pValue" -F Blue }
    }
}
Expand-Properties ([Reflection.PortableExecutable.PEReader]::new([IO.File]::OpenRead([IO.Path]::G