{"id":3395,"date":"2022-04-25T14:26:26","date_gmt":"2022-04-25T12:26:26","guid":{"rendered":"https:\/\/www.mariotti.de\/?p=3395"},"modified":"2022-04-25T14:26:26","modified_gmt":"2022-04-25T12:26:26","slug":"hook-dlls-in-prozessen-finden-mittels-powershell","status":"publish","type":"post","link":"https:\/\/dev.mariotti.de\/?p=3395","title":{"rendered":"Finding hook DLLs in processes (using PowerShell)"},"content":{"rendered":"<p>Occasionally, when troubleshooting a problem, you need to determine which hook DLLs are in use; this can be done, for example, with Sysinternals Process Explorer. It is also possible with PowerShell, so here are two small examples:<\/p>\n<pre><code class=\"language-powershell\"># List the hook DLLs of a specific process (using Explorer as an example)\nGet-Process explorer | Select -ExpandProperty modules | Select FileName,Product,Company\n\n# Find hook DLLs of a specific vendor in any process (using Citrix as an example)\n# -IncludeUserName requires an elevated session\n$process = Get-Process -IncludeUserName\nforeach ($item in $process)\n{\n        Write-Host \"Process: [$($item.Name)] Description: [$($item.Description)] User: [$($item.UserName)]\" -ForegroundColor Yellow\n        # -ea SilentlyContinue skips processes whose module list cannot be read (e.g. access denied)\n        $item | Select -ExpandProperty modules -ea SilentlyContinue | Where-Object FileName -Like \"*Citrix*\"\n}\n<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p>Occasionally, when troubleshooting a problem, you need to determine which hook DLLs are in use; this can be done, for example, with Sysinternals Process Explorer. It is also possible with PowerShell, so here are two small examples.<\/p>\n","protected":false},"author":2,"featured_media":2425,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[35,37],"tags":[],"class_list":["post-3395","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-citrix","category-powershell"],"_links":{"self":[{"href":"https:\/\/dev.mariotti.de\/index.php?rest_route=\/wp\/v2\/posts\/3395","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dev.mariotti.de\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dev.mariotti.de\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dev.mariotti.de\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/dev.mariotti.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3395"}],"version-history":[{"count":0,"href":"https:\/\/dev.mariotti.de\/index.php?rest_route=\/wp\/v2\/posts\/3395\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dev.mariotti.de\/index.php?rest_route=\/wp\/v2\/media\/2425"}],"wp:attachment":[{"href":"https:\/\/dev.mariotti.de\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3395"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dev.mariotti.de\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3395"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dev.mariotti.de\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3395"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}