Last active
February 24, 2024 15:21
-
-
Save jaredcatkinson/271a09dd5624a8d4ce87e21b80e8d9e4 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
function Get-StructureOffset | |
{ | |
<# | |
.SYNOPSIS | |
Returns the field offset of the unmanaged form of the managed structure. | |
.DESCRIPTION | |
Wraps the Marshal class' OffsetOf method to return the offset for all fields in the specified Structure. | |
.NOTES | |
Author: Jared Atkinson (@jaredcatkinson) | |
License: BSD 3-Clause | |
Required Dependencies: None | |
Optional Dependencies: None | |
.LINK | |
https://msdn.microsoft.com/en-us/library/y8ewk18b(v=vs.110).aspx | |
.EXAMPLE | |
PS> Get-StructureOffset -Type $KERB_RETRIEVE_TKT_REQUEST | |
Offset Name Type | |
------ ---- ---- | |
0x0000 MessageType KERB_PROTOCOL_MESSAGE_TYPE | |
0x0004 LogonId LUID | |
0x000c TargetName LSA_UNICODE_STRING | |
0x001c TicketFlags System.UInt32 | |
0x0020 CacheOptions KERB_CACHE_OPTIONS | |
0x0028 EncryptionType System.Int64 | |
0x0030 CredentialsHandle SecHandle | |
#> | |
param | |
( | |
[Parameter(Mandatory = $true)] | |
[type] | |
$Type | |
) | |
if($Type.IsValueType -and !($Type.IsEnum)) | |
{ | |
foreach($field in $Type.DeclaredFields) | |
{ | |
$offset = [System.Runtime.InteropServices.Marshal]::OffsetOf($Type, $field.Name) | |
$hexoffset = [String]::Format("0x{0:x3}", [Int]$offset) | |
$obj = New-Object -TypeName psobject | |
$obj | Add-Member -MemberType NoteProperty -Name Offset -Value $hexoffset | |
$obj | Add-Member -MemberType NoteProperty -Name Name -Value $field.Name | |
$obj | Add-Member -MemberType NoteProperty -Name Type -Value $field.FieldType | |
Write-Output $obj | |
} | |
} | |
else | |
{ | |
throw "Type $($Type.FullName) is not a valid Structure" | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment