Skip to content

Commit 5a2becb

Browse files
Dump-GUYDump-GUY
authored
Update readme.md
1 parent cb57e94 commit 5a2becb

File tree

1 file changed

+8
-12
lines changed

1 file changed

+8
-12
lines changed

readme.md

Lines changed: 8 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -10,22 +10,18 @@ to DnSpy_Bookmarks.xml
1010
This PS module could be useful and helpful during reversing .NET assemblies for
1111
fast revealing calls to unmanaged API functions used in assembly. Sometimes
1212
malware assemblies are full of junk code where the main functionality is
13-
implemented by direct WIN API or NTAPI calls.
14-
13+
implemented by direct WIN API or NTAPI calls.<br/>
1514
Get-PDInvokeImports enables you to get fast overview what P/Invoke, Dynamic
1615
P/Invoke and D/Invoke are used in assembly - It will show you what functions are
17-
used + MDTokens, where are declared, and all location where are used from code.
18-
16+
used + MDTokens, where are declared, and all location where are used from code.<br/>
1917
It enables to export all locations where are detected P/Invoke, Dynamic P/Invoke
2018
and D/Invoke referenced from code to DnSpy Bookmarks.xml
2119

2220
Example: Imagine 1MB assembly full of junk code + CF obfuscation where main
2321
functionality is reached via unmanaged WinAPI\\NTAPI calls.
2422

2523
This PS module is written in PowerShell and is fully compatible with Windows
26-
PowerShell (.NET Framework) and PowerShell Core (based on .NET, .NET Core).
27-
28-
It uses dnlib to parse assembly and .NET reflection to load dnlib. Dnlib is
24+
PowerShell (.NET Framework) and PowerShell Core (based on .NET, .NET Core). It uses dnlib to parse assembly and .NET reflection to load dnlib. Dnlib is
2925
available for .NET framework and .NET standard - simply means that one can use
3026
this PS module depending on dnlib on Windows and also Linux OS.
3127

@@ -47,10 +43,10 @@ PInvoke]](https://bohops.com/2022/04/02/unmanaged-code-execution-with-net-dynami
4743

4844
## Installation:
4945

50-
Release contains already compiled dnlib for specified platform + script
46+
[[Releases]](https://github.com/Dump-GUY/Get-PDInvokeImports/releases) contains already compiled dnlib for specified platform + script
5147
Get-PDInvokeImports.ps1.<br/>
52-
Windows – Download release (Use from Windows PowerShell or PowerShell Core)<br/>
53-
Linux – Download release (Use from PowerShell Core)<br/>
48+
Windows – Download [[release]](https://github.com/Dump-GUY/Get-PDInvokeImports/releases) (Use from Windows PowerShell or PowerShell Core)<br/>
49+
Linux – Download [[release]](https://github.com/Dump-GUY/Get-PDInvokeImports/releases) (Use from PowerShell Core)<br/>
5450

5551
If needed - compile dnlib on your own (Windows – .NET Framework,
5652
Linux-netstandard)<br/>
@@ -120,5 +116,5 @@ Dynamic P/Invoke detection is based on finding methodX referencing DefinePInvoke
120116
## Dependecies:
121117

122118
[[dnlib]](https://github.com/0xd4d/dnlib) (.NET metadata reader/writer which can
123-
also read obfuscated assemblies)
124-
[[DnSpyEx - optional]](https://github.com/dnSpyEx/dnSpy)
119+
also read obfuscated assemblies)<br/>
120+
[[DnSpyEx - optional]](https://github.com/dnSpyEx/dnSpy)<br/>

0 commit comments

Comments
 (0)