ScanDll_v2.ps1
$csharpCode = @"
using System;
using System.Diagnostics;
using System.IO;
using System.Security.Principal;
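/// <summary>
/// Reports which running processes have a module loaded whose path contains a given keyword.
/// </summary>
/// <remarks>
/// This source is compiled with Add-Type from a double-quoted PowerShell here-string, so it must
/// stay free of dollar signs and backticks (PowerShell would expand them before compilation).
/// </remarks>
public class DllScanner
{
    /// <summary>
    /// Walks every process returned by Process.GetProcesses() and appends one log line for each
    /// loaded module whose full path contains <paramref name="dllKeyword"/>.
    /// </summary>
    /// <param name="dllKeyword">
    /// DLL file name or path fragment. It is matched as a case-insensitive substring of the
    /// module path, so it can also match directory names or longer file names.
    /// </param>
    /// <exception cref="ArgumentNullException"><paramref name="dllKeyword"/> is null.</exception>
    public static void ScanForDll(string dllKeyword)
    {
        // Fail loudly on a null keyword; otherwise every comparison throws and the scan
        // would finish with an empty result that looks like a clean one.
        if (dllKeyword == null)
        {
            throw new ArgumentNullException("dllKeyword");
        }

        // NOTE(review): fixed, predictable path in a shared temp directory, opened in append
        // mode, so content already in the file is kept. Confirm the file's ACL and origin
        // before trusting results written by an elevated run.
        string logPath = @"C:\windows\temp\results.log";
        using (StreamWriter writer = new StreamWriter(logPath, true))
        {
            writer.WriteLine("[+] Scanning DLLs...");

            bool isAdmin;
            using (WindowsIdentity identity = WindowsIdentity.GetCurrent())
            {
                isAdmin = new WindowsPrincipal(identity).IsInRole(WindowsBuiltInRole.Administrator);
            }

            if (!isAdmin)
            {
                writer.WriteLine("[INFO] Running Scanner with limited privileges. This will restrict the scan results. Please run as administrator.");
            }

            int skipped = 0;
            foreach (Process process in Process.GetProcesses())
            {
                // Each Process object holds OS resources; release it as soon as it is inspected.
                using (process)
                {
                    int pid = process.Id;
                    try
                    {
                        string processName = process.ProcessName;
                        foreach (ProcessModule module in process.Modules)
                        {
                            string modulePath = module.FileName;

                            // Windows paths are case-insensitive, so compare without regard to case.
                            if (modulePath != null
                                && modulePath.IndexOf(dllKeyword, StringComparison.OrdinalIgnoreCase) >= 0)
                            {
                                writer.WriteLine(string.Format("[+] Discovered Dependency: {0} on Process: {1}", modulePath, processName));
                            }
                        }
                    }
                    catch (Exception ex)
                    {
                        // Best effort: keep scanning, but record the gap. Typical causes are
                        // access denied, a process that exited mid-scan, or a bitness mismatch
                        // between this host and the target process.
                        skipped++;
                        writer.WriteLine(string.Format("[!] Skipped process id {0}: {1}", pid, ex.Message));
                    }
                }
            }

            // A scan with skipped processes is incomplete; absence of hits is not proof of absence.
            writer.WriteLine(string.Format("[+] Scan finished. Processes not inspected: {0}", skipped));
        }
    }
}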
"@
# Compile the embedded C# scanner into the current PowerShell session.
Add-Type -Language CSharp -TypeDefinition $csharpCode

# Replace MODULE_NAME.dll below with the DLL file name you are searching for.
[DllScanner]::ScanForDll('MODULE_NAME.dll')

# Results are appended to C:\windows\temp\results.log