<< Back to Script Library

Show modules loaded by process

Show details for all modules in use by the chosen process including version, timestamps, size and signing information, grouped by the containing folder.

Version: 1.2.9
Created: 2018-11-09
Modified: 2018-11-20
Creator: Guy Leech
Downloads: 659
Tags: DLL Modules
The Script Try this script with ControlUp Copy Script Copied to clipboard
<#
    Get module details for a running process

    @guyrleech 2018

    Modification History:

    14/11/18   GRL  Group by module directory
#>

$processId = $args[0]
$outputWidth = 400

# Altering the size of the PS Buffer
$PSWindow = (Get-Host).UI.RawUI
$WideDimensions = $PSWindow.BufferSize
$WideDimensions.Width = $outputWidth
$PSWindow.BufferSize = $WideDimensions

if( ! ( Get-Process -Id $processId -ErrorAction SilentlyContinue ) )
{
    Throw "Unable to find process with id $processId"
}

[hashtable]$modulesDone = @{}

[array]$Modules = @( Get-Process -id $processId -ErrorAction Stop | Select -ExpandProperty Modules | ForEach-Object `
{
    $module = Get-ItemProperty -Path $_.FileName
    if( ! $modulesDone[ $module.FullName ] ) ## Get-Process sometimes repeats a module
    {
        $modulesDone.Add( $module.FullName , $true )
        $signing = $null
        $versionInfo = $module.VersionInfo
        try
        {
            ## for signed files, as in not externally signed via a catalogue, Get-AuthenticodeSignature does not return the correct certificate
            $cert = [System.Security.Cryptography.X509Certificates.X509Certificate]::CreateFromSignedFile( $module.FullName )
        }
        catch
        {
            $cert = $null
            $signing = Get-AuthenticodeSignature -FilePath $module.FullName -ErrorAction SilentlyContinue
        }
        [string]$expired = '-'
        [string]$expiryDate = '-'
        [string]$certificateSigner = '-'

        if( $cert )
        {
            $theExpiryDate = New-Object -TypeName DateTime
            if( [datetime]::TryParse( $cert.GetExpirationDateString() , [ref]$theExpiryDate ) )
            {
                $expired = if( $theExpiryDate -gt [datetime]::Now ) { 'No' } else { 'Yes' }
                $expiryDate = Get-Date -Date $theExpiryDate -Format G
            }
            else
            {
                $expired = '-'
            }
            $certificateSigner = ($cert.GetName() -split 'CN=')[-1]
        }
        elseif( $signing )
        {
            if( $signing.Status -eq 'Valid' )
            {
                $expired = if( [datetime]::Now -gt $signing.SignerCertificate.NotBefore -and [datetime]::Now -lt $signing.SignerCertificate.NotAfter ) { 'No' } else { 'Yes' }
                $expiryDate = Get-Date -Date $signing.SignerCertificate.NotAfter -Format G
                $certificateSigner = ($signing.SignerCertificate.GetName() -split 'CN=')[-1]
            }
        }
        else
        {
            $expired = '-'
        }

        $result = [pscustomobject][ordered]@{
            'Path' = $module.DirectoryName
            'Module' = $module.Name
            'Version' = if( $versionInfo ) { $versionInfo.ProductVersion } else { '-' }
            ##'File Owner' = ( Get-Acl -Path $_.FileName | Select -ExpandProperty Owner )
            'Created' = $module.CreationTime
            'Last Modified' = $module.LastWriteTime
            'Size (KB)' = [math]::Round( $module.Length / 1KB )
            'Cert Expiry' = $expiryDate
            'Cert Expired' = $expired
            'Cert Signer' = $certificateSigner
        }
        $result
    }
})

"Analysed $($Modules.Count) modules:"

$Modules | Sort 'Path','Module' | Format-Table -AutoSize -GroupBy 'Path' -Property 'Module','Version','Created','Last Modified','Size (KB)','Cert Expiry','Cert Expired','Cert Signer'
START YOUR TRIAL

Get Your Download Link

Gain access to ControlUp from your PC. Register and get a link to start your Free Trial.