PowerShellArsenal , a PowerShell module for reverse engineering
Powerful and easy to use
PowerShellArsenal is a useful PowerShell module that can be used to perform reverse engineering activities on .NET assemblies, like disassembling code, perform .NET malware analysis and analyze memory.
PowerShellArsenal is comprised of the following tools:
- Disassembly — Disassemble native and managed code.
- MalwareAnalysis — Useful tools when performing malware analysis.
- MemoryTools — Inspect and analyze process memory.
- Parsers — Parse file formats and in-memory structures.
- WindowsInternals — Obtain and analyze low-level Windows OS information.
- Misc — Miscellaneous helper functions.
- Lib — Libraries required by some of the RE functions.