SEC505
  • Welcome to "Securing Windows with PowerShell: A Deep Dive into SEC505"
    • Sec 505.1
      • Intro to Ps
      • Tips for Executing Commands
      • Getting Help in PowerShell
      • Aliases in PowerShell
      • Objects, Properties, and Methods
      • Get-Member (Alias: gm)
      • Drives and Environment Variables
      • Your Profile Script(s)
      • Functions, Cmdlets, and Modules
      • The PowerShell Gallery
      • Exporting, Importing, an d Converting Pages Reusable content Files Object Data
        • Select-Object (Alias: Select)
          • Arrays Are like In-Memory Database Tables
      • Search Event Logs
      • Hashtables and Splatting
      • Flow Control (All in one)
      • Functions
Powered by GitBook
On this page
  1. Welcome to "Securing Windows with PowerShell: A Deep Dive into SEC505"
  2. Sec 505.1

Functions, Cmdlets, and Modules

PreviousYour Profile Script(s)NextThe PowerShell Gallery

Last updated 2 months ago

In PowerShell, functions, cmdlets, and modules are essential building blocks for scripting and automation. They allow you to execute code, organize reusable logic, and extend PowerShell's capabilities. Let’s break down each of these concepts in detail.

1. Functions

What is a Function?

A function is a block of PowerShell code that has been given a name. It can accept input (parameters) and return output. Functions are like mini-scripts that you can reuse throughout your session or scripts.

For example, you might create a function to calculate disk usage or to format output in a specific way.

Key Features of Functions

  • Reusability: Write once, use many times.

  • Parameters: Functions can accept input via parameters.

  • Pipeline Support: Functions can be designed to work in pipelines, processing input from the previous command.

Listing Functions

To see all the functions available in your current session, use:

Get-ChildItem Function:\

This will list all functions, including built-in ones like help, more, and even C: (which is a function that runs Set-Location C:).

Viewing Function Code

To see the code inside a function, use:

Get-Content Function:\mkdir

This will display the code for the mkdir function, which is essentially a wrapper for New-Item.

Creating Your Own Functions

You can create your own functions using the function keyword. For example:

function Get-DiskUsage {
    Get-Volume | Select-Object DriveLetter, SizeRemaining, Size
}

Now, you can call Get-DiskUsage to retrieve disk usage information.

2. Cmdlets

What is a Cmdlet?

A cmdlet (pronounced "command-let") is a lightweight command used in PowerShell. Cmdlets are typically written in .NET and compiled into DLLs. They perform specific tasks and are the backbone of PowerShell's functionality.

Examples of cmdlets include:

  • Get-Process: Retrieves information about running processes.

  • Set-Location: Changes the current directory.

  • Get-ChildItem: Lists files and folders.

Key Features of Cmdlets

  • Verb-Noun Naming: Cmdlets follow a consistent naming pattern, such as Get-Process or Set-Location.

  • Pipeline Support: Cmdlets can accept input from and send output to other cmdlets via the pipeline.

  • Compiled Code: Cmdlets are compiled into DLLs, making them faster and more efficient than scripts.

Using Cmdlets

Cmdlets are used just like any other command. For example:

Get-Process -Name "notepad"

This retrieves information about all Notepad processes.

3. Modules

What is a Module?

A module is a package that contains cmdlets, functions, variables, aliases, and other resources. Modules are used to organize and distribute PowerShell code.

For example, the ActiveDirectory module provides cmdlets for managing Active Directory, while the SQLServer module provides cmdlets for working with SQL Server.

Key Features of Modules

  • Organization: Modules group related functionality together.

  • Reusability: Modules can be shared and reused across scripts and systems.

  • Versioning: Modules can have version numbers and dependencies.

Module Structure

A module typically consists of:

  • A .psm1 file: A PowerShell script that defines the module's functionality.

  • A .psd1 file: A manifest file that describes the module (optional).

  • DLLs: Compiled cmdlets (optional).

Module Paths

PowerShell looks for modules in specific directories, which are stored in the $env:PSModulePath environment variable. You can view these paths using:

$env:PSModulePath -Split ";"

This will show the directories where PowerShell searches for modules.

Using Modules

To use a module, you must first import it. For example:

Import-Module ActiveDirectory

This loads the ActiveDirectory module, making its cmdlets available for use.

Listing Modules

To see which modules are currently loaded, use:

Get-Module

To see all available modules (loaded or not), use:

Get-Module -ListAvailable

Automatic Module Loading

In PowerShell 3.0 and later, modules are automatically loaded when you use one of their cmdlets. For example, if you run Get-ADUser, PowerShell will automatically load the ActiveDirectory module if it isn’t already loaded.

4. Dot-Sourcing (Deprecated Technique)

What is Dot-Sourcing?

Dot-sourcing is an older technique for loading functions into PowerShell. It involves running a script in the current scope, which makes its functions and variables available in the session.

For example:

. C:\Scripts\MyFunctions.ps1

This loads the functions defined in MyFunctions.ps1 into the current session.

Why is Dot-Sourcing Deprecated?

While dot-sourcing still works, it’s considered outdated because:

  • Modules provide a more organized and scalable way to manage functions.

  • Dot-sourced functions are only available in the current session, whereas modules can be imported automatically.

Overlapping Names

If two dot-sourced scripts contain functions with the same name, the last one loaded will overwrite the earlier one. PowerShell follows a specific search order when resolving command names:

  1. Aliases

  2. Functions

  3. Cmdlets

  4. Native executables (e.g., ping.exe)

For example, if you have an alias, function, cmdlet, and executable all named Ping, PowerShell will use the alias first, then the function, then the cmdlet, and finally the executable

Page cover image