EDR Exclusion Detector
# based on https://gist.github.com/S3cur3Th1sSh1t/d9aad93027aad893adae8805d59e2d73
# Example: list processes that do NOT have the EDR's user-mode hook DLL loaded (candidate exclusions).
# The module names are vendor-specific — replace them with the in-process DLLs of the agent you are testing.
# Run from an elevated, 64-bit PowerShell and add -Verbose: processes that cannot be opened are skipped,
# and a process missing from the output is not evidence that it is unhooked.
# Get-Process | Get-LoadedModules -ModuleNames 'InProcessClient.dll','InProcessClient64.dll','MinProcessClient.dll','MinProcessClient64.dll' | ?{!$_.'InProcessClient.dll' -and !$_.'InProcessClient64.dll'} | ft -auto
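function Get-LoadedModules {
    <#
    .SYNOPSIS
    Reports, per process, whether each of the given module names is currently loaded.

    .DESCRIPTION
    For every process passed in, enumerates its loaded modules (Get-Process -Module) and
    emits one object carrying the process path, whether the process is in the caller's
    session, and one boolean property per requested module name (true when a loaded
    module has exactly that file name).

    Processes whose module list cannot be read — access denied, protected processes,
    or a 32-bit host looking at a 64-bit process — are SKIPPED and the reason is written
    to the verbose stream. Run with -Verbose to see which processes were not inspected;
    a process absent from the output is not evidence that the module is absent.
    Run elevated for the widest coverage.

    Matching is by loader-visible module file name only: a same-named unrelated DLL also
    counts as a hit, and code mapped without the loader does not show up at all.

    .PARAMETER Processes
    One or more Process objects, from the pipeline or via -Processes (Get-Process ...).

    .PARAMETER ModuleNames
    Module file names to look for, e.g. 'InProcessClient64.dll' (case-insensitive).

    .OUTPUTS
    PSCustomObject with Name, CurrentSession and one boolean property per module name.
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Diagnostics.Process[]]
        $Processes,
        [Parameter(Mandatory)]
        [string[]]
        $ModuleNames
    )
    begin {
        # Session of the calling PowerShell; rows flag whether the target shares it.
        $currentSession = (Get-Process -Id $PID).SessionId
    }
    process {
        foreach ($process in $Processes) {
            try {
                # -ErrorAction Stop so an unreadable process is skipped explicitly rather than
                # yielding an empty module list that would be reported as "not loaded".
                $loadedModules = Get-Process -Id $process.Id -Module -ErrorAction Stop
            } catch {
                Write-Verbose ("Skipping {0} (PID {1}): {2}" -f $process.ProcessName, $process.Id, $_.Exception.Message)
                continue
            }
            $loadedNames = @($loadedModules | ForEach-Object { $_.ModuleName })
            $row = [ordered]@{
                Name           = $process.Path
                CurrentSession = ($process.SessionId -eq $currentSession)
            }
            foreach ($name in $ModuleNames) {
                # -contains is case-insensitive, matching the loader's own name handling.
                $row[$name] = ($loadedNames -contains $name)
            }
            [pscustomobject]$row
        }
    }
}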
# Example: list modules in the current process that are not validly signed by Microsoft (e.g. injected EDR hooks).
# Get-Process -Id $pid | Get-ThirdPartyModules
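function Get-ThirdPartyModules {
    <#
    .SYNOPSIS
    Lists the loaded modules of a process that are not validly signed by Microsoft.

    .DESCRIPTION
    Enumerates the process's loaded modules and checks the Authenticode signature of
    each backing file on disk. Modules whose signature status is Valid (chain ends at a
    root this machine trusts) AND whose signer subject ends in Microsoft Corporation's
    Redmond subject are dropped; everything else — unsigned, untrusted chain, or a
    non-Microsoft signer — is reported with its status and signer.

    Caveats: the check is against the file on disk, not the in-memory image, and only
    loader-visible modules are listed. "Valid" relies on the local trusted-root store;
    an attacker who can add a root CA could satisfy both tests. If the process cannot
    be opened (access denied, protected process), it is skipped with a verbose message
    instead of terminating the whole pipeline; run with -Verbose to see skips.

    .PARAMETER Process
    The process to inspect, usually from the pipeline (Get-Process ...).

    .OUTPUTS
    PSCustomObject with Name (module file name), Signed (signature status) and Signer
    (certificate subject, or $null when unsigned).
    #>
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Diagnostics.Process]
        $Process
    )
    begin {
        # Signature verification is slow and the same DLL is shared by many processes;
        # cache results by path for the lifetime of the pipeline.
        $signatureCache = @{}
    }
    process {
        try {
            $loadedModules = Get-Process -Id $Process.Id -Module -ErrorAction Stop
        } catch {
            Write-Verbose ("Skipping {0} (PID {1}): {2}" -f $Process.ProcessName, $Process.Id, $_.Exception.Message)
            return
        }
        foreach ($module in $loadedModules) {
            $path = $module.FileName
            if (-not $signatureCache.ContainsKey($path)) {
                $signatureCache[$path] = Get-AuthenticodeSignature -FilePath $path
            }
            $signature = $signatureCache[$path]
            # SignerCertificate is $null for unsigned files; member access on $null yields $null.
            $subject = $signature.SignerCertificate.Subject
            if ($signature.Status -eq 'valid' -and $subject -match 'O=Microsoft Corporation, L=Redmond, S=Washington, C=US$') {
                continue
            }
            [pscustomobject]@{
                Name   = $module.ModuleName
                Signed = $signature.Status
                Signer = $subject
            }
        }
    }
}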