sunnyc7/Win32NativeWithoutPInvoke.ps1

## Win32NativeWithoutPInvoke.ps1
# Author: @mattifestation.
# Link:http://www.exploit-monday.com/2012/12/list-all-win32native-functions.html
## Comment:
#   My experience running on V3.0 has been slow so far. I will try on other workstations and test v3.0
#   Matt's screenshot look impressive.
#   To QCall or Not to QCall.

$PinvokeMethods = [AppDomain]::CurrentDomain.GetAssemblies().GetTypes().GetMethods('NonPublic, Public, Static, Instance') |
    ? { $_.Attributes.HasFlag([Reflection.MethodAttributes]::PinvokeImpl) } | % { $CurrentMethod = $_; $_.CustomAttributes } |
        ? { $_.AttributeType -eq [Runtime.InteropServices.DllImportAttribute] } | ? { $_.ConstructorArguments.Value -ne 'QCall' } |
            % { New-Object PSObject -Property @{ Dll = $_.ConstructorArguments.Value; Name = $CurrentMethod.Name; DeclaringType = $CurrentMethod.DeclaringType } }

$PinvokeMethods | Sort-Object -Property Name -Unique | Sort-Object -Property Dll, Name | Format-Table Dll, Name, DeclaringType -AutoSize
	# Author: @mattifestation.
	# Link:http://www.exploit-monday.com/2012/12/list-all-win32native-functions.html
	## Comment:
	# My experience running on V3.0 has been slow so far. I will try on other workstations and test v3.0
	# Matt's screenshot look impressive.
	# To QCall or Not to QCall.

	$PinvokeMethods = [AppDomain]::CurrentDomain.GetAssemblies().GetTypes().GetMethods('NonPublic, Public, Static, Instance') \|
	? { $_.Attributes.HasFlag([Reflection.MethodAttributes]::PinvokeImpl) } \| % { $CurrentMethod = $_; $_.CustomAttributes } \|
	? { $_.AttributeType -eq [Runtime.InteropServices.DllImportAttribute] } \| ? { $_.ConstructorArguments.Value -ne 'QCall' } \|
	% { New-Object PSObject -Property @{ Dll = $_.ConstructorArguments.Value; Name = $CurrentMethod.Name; DeclaringType = $CurrentMethod.DeclaringType } }

	$PinvokeMethods \| Sort-Object -Property Name -Unique \| Sort-Object -Property Dll, Name \| Format-Table Dll, Name, DeclaringType -AutoSize