SysUtils

1.1.0

Read-only Windows PE / COM / .NET inspector for sysadmins. Parses DLL/OCX/EXE/SYS without LoadLibrary; reports PE headers, version info, COM TypeLibs (CoClasses, interfaces, methods), .NET assembly metadata (PEKind, CorFlags, AssemblyName, types) and Authenticode signatures. Cross-bitness inspection.

Minimum PowerShell version

5.1

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name SysUtils -RequiredVersion 1.1.0

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name SysUtils -Version 1.1.0

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Copyright

(c) 2026 Manuel Alcocer J. MIT License.

Package Details

Author(s)

  • Manuel Alcocer J

Tags

PE DLL OCX COM TypeLib dotnet Inspector Sysadmin Windows PowerShell5

Functions

Get-DllInfo

Dependencies

This module has no dependencies.

Release Notes

1.1.0 - Add -IncludeComRegistration switch.

Cross-references the CoClasses declared in the DLL's embedded TypeLib
against HKCR\CLSID across HKLM/HKCU x64+x86 views to determine whether
a COM in-proc server is correctly registered, plus surfaces every CLSID
whose InprocServer32 points at the inspected DLL. Uses
Microsoft.Win32.RegistryKey directly (full HKCR\CLSID walk drops from
~20s to ~1s vs the PowerShell registry provider). Strictly read-only:
no regsvr32, no LoadLibrary, no admin needed. Per-CLSID statuses:
Registered / DeclaredOnly / PathMismatch / RegisteredOnly. Global
verdict: OK / Partial / Unregistered / NotApplicable.

1.0.0 - Initial release.

Get-DllInfo: read-only Windows PE inspector that parses DLL/OCX/EXE/SYS
files without LoadLibrary (so cross-bitness inspection works and DllMain is
never executed). Layered output controlled by switches:

 - default: PE header (architecture, subsystem, characteristics, sections,
   timestamp), version info, shallow COM detection, shallow .NET detection.
 - -IncludeImports: full IDT/ILT walk including import-by-ordinal.
 - -IncludeExports: full export table with forwarder detection.
 - -IncludeResources: recursive 3-level resource tree walk.
 - -IncludeTypeLib: TypeLib reader via oleaut32!LoadTypeLibEx (CoClasses,
   interfaces, methods, parameters, enums, aliases, IIDs/CLSIDs).
 - -IncludeDotNetTypes: ReflectionOnlyLoadFrom for [ComVisible]/[Guid]/
   [ProgId] per type.
 - -IncludeSignature: Authenticode signature.
 - -IncludeHash: SHA-256.
 - -Detailed: turns on every Include* switch.

For managed assemblies, PEKind disambiguates AnyCPU / AnyCPUPrefer32 /
x86 / x64 / ARM64 / ManagedMixed using Machine + PE32/PE32+ + CorFlags.

FileList

Version History

Version Downloads Last updated
1.4.0 3 4/25/2026
1.3.1 3 4/25/2026
1.3.0 5 4/25/2026
1.2.0 9 4/25/2026
1.1.0 (current version) 3 4/25/2026
1.0.0 5 4/25/2026
Show more