SysUtils

1.2.0

Read-only Windows PE / COM / .NET inspector for sysadmins. Parses DLL/OCX/EXE/SYS without LoadLibrary; reports PE headers, version info, COM TypeLibs (CoClasses, interfaces, methods), .NET assembly metadata (PEKind, CorFlags, AssemblyName, types) and Authenticode signatures. Cross-bitness inspection.

Minimum PowerShell version

5.1

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name SysUtils -RequiredVersion 1.2.0

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name SysUtils -Version 1.2.0

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Copyright

(c) 2026 Manuel Alcocer J. MIT License.

Package Details

Author(s)

  • Manuel Alcocer J

Tags

PE DLL OCX COM TypeLib dotnet Inspector Sysadmin Windows PowerShell5

Functions

Get-DllInfo Get-DllGuidTable

Dependencies

This module has no dependencies.

Release Notes

1.2.0 - Add Get-DllGuidTable cmdlet.

Flat (Type, Name, Guid, RegKey) view of every entry in a DLL's embedded
TypeLib (coclass / interface / dispatch / enum / record / union / alias
/ module). The RegKey column reports the registry path under which each
GUID is registered (HKCR\CLSID for CoClasses, HKCR\Interface for
interfaces and dispinterfaces; HKLM and HKCU plus 32-bit Wow6432Node
views are searched), or empty when not registered or not applicable.
Switch -RegKey swaps the default Format-Table display from Guid to
RegKey to avoid wrapping; -Kind filters by entry kind. Strictly
read-only: oleaut32!LoadTypeLibEx is called with REGKIND_NONE and
registry lookups go through Microsoft.Win32.RegistryKey directly.

1.1.0 - Add -IncludeComRegistration switch.

Cross-references the CoClasses declared in the DLL's embedded TypeLib
against HKCR\CLSID across HKLM/HKCU x64+x86 views to determine whether
a COM in-proc server is correctly registered, plus surfaces every CLSID
whose InprocServer32 points at the inspected DLL. Uses
Microsoft.Win32.RegistryKey directly (full HKCR\CLSID walk drops from
~20s to ~1s vs the PowerShell registry provider). Strictly read-only:
no regsvr32, no LoadLibrary, no admin needed. Per-CLSID statuses:
Registered / DeclaredOnly / PathMismatch / RegisteredOnly. Global
verdict: OK / Partial / Unregistered / NotApplicable.

1.0.0 - Initial release.

Get-DllInfo: read-only Windows PE inspector that parses DLL/OCX/EXE/SYS
files without LoadLibrary (so cross-bitness inspection works and DllMain is
never executed). Layered output controlled by switches:

 - default: PE header (architecture, subsystem, characteristics, sections,
   timestamp), version info, shallow COM detection, shallow .NET detection.
 - -IncludeImports: full IDT/ILT walk including import-by-ordinal.
 - -IncludeExports: full export table with forwarder detection.
 - -IncludeResources: recursive 3-level resource tree walk.
 - -IncludeTypeLib: TypeLib reader via oleaut32!LoadTypeLibEx (CoClasses,
   interfaces, methods, parameters, enums, aliases, IIDs/CLSIDs).
 - -IncludeDotNetTypes: ReflectionOnlyLoadFrom for [ComVisible]/[Guid]/
   [ProgId] per type.
 - -IncludeSignature: Authenticode signature.
 - -IncludeHash: SHA-256.
 - -Detailed: turns on every Include* switch.

For managed assemblies, PEKind disambiguates AnyCPU / AnyCPUPrefer32 /
x86 / x64 / ARM64 / ManagedMixed using Machine + PE32/PE32+ + CorFlags.

FileList

Version History

Version Downloads Last updated
1.4.0 3 4/25/2026
1.3.1 3 4/25/2026
1.3.0 5 4/25/2026
1.2.0 (current version) 9 4/25/2026
1.1.0 3 4/25/2026
1.0.0 5 4/25/2026
Show more