NtObjectManager.psd1

# Copyright 2016 Google Inc. All Rights Reserved.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

@{

# Module manifest for NtObjectManager: declares the root binary module, engine/runtime
# requirements, what is exported, and the gallery metadata (PSData).

# Script module or binary module file associated with this manifest.
# This is a compiled assembly (.dll), so Import-Module loads it into the importing
# PowerShell process. Nothing in this manifest pins a hash or signature for it.
# NOTE(review): verify the publisher/Authenticode signature of the DLL out of band
# before importing it on an analysis host.
RootModule = 'NtObjectManager.dll'

# Version number of this module.
ModuleVersion = '1.0.4'

# ID used to uniquely identify this module
GUID = 'ac251c97-67a6-4bc4-bb8a-5ae300e93030'

# Author of this module
Author = 'James Forshaw'

# Company or vendor of this module
CompanyName = 'Google Inc.'

# Copyright statement for this module
Copyright = '(c) 2016, 2017 Google Inc. All rights reserved.'

# Description of the functionality provided by this module
Description = 'This module adds a provider and cmdlets to access the NT object manager namespace.'

# Minimum version of the Windows PowerShell engine required by this module
PowerShellVersion = '3.0'

# Name of the Windows PowerShell host required by this module
# PowerShellHostName = ''

# Minimum version of the Windows PowerShell host required by this module
# PowerShellHostVersion = ''

# Minimum version of Microsoft .NET Framework required by this module
DotNetFrameworkVersion = '4.5'

# Minimum version of the common language runtime (CLR) required by this module
CLRVersion = '4.0'

# Processor architecture (None, X86, Amd64) required by this module
# ProcessorArchitecture = 'None'

# Modules that must be imported into the global environment prior to importing this module
# RequiredModules = @()

# Assemblies that must be loaded prior to importing this module
# RequiredAssemblies = @()

# Script files (.ps1) that are run in the caller's environment prior to importing this module.
# Left unset: this manifest runs no script in the caller's session at import time.
# ScriptsToProcess = @()

# Type files (.ps1xml) to be loaded when importing this module
# TypesToProcess = @()

# Format files (.ps1xml) to be loaded when importing this module
# The path is relative, so the file is expected next to this manifest in the module directory.
FormatsToProcess = @("Formatters.ps1xml")

# Modules to import as nested modules of the module specified in RootModule/ModuleToProcess
# NestedModules = @()

# Functions to export from this module
# '*' exports every function the module defines. An explicit list keeps the exported
# surface reviewable and lets PowerShell resolve commands without loading the module.
# NOTE(review): the same applies to the three wildcard export entries below.
FunctionsToExport = '*'

# Cmdlets to export from this module
# NOTE(review): presumably all cmdlets come from the RootModule assembly - confirm, and
# consider listing them by name so a new cmdlet in the DLL is not exported unnoticed.
CmdletsToExport = '*'

# Variables to export from this module
VariablesToExport = '*'

# Aliases to export from this module
AliasesToExport = '*'

# DSC resources to export from this module
# DscResourcesToExport = @()

# List of all modules packaged with this module
# ModuleList = @("NtObjectManager.psm1")

# List of all files packaged with this module
# Left unset, so the manifest carries no inventory of packaged files to audit against.
# FileList = @()

# Private data to pass to the module specified in RootModule/ModuleToProcess. This may also contain a PSData hashtable with additional module metadata used by PowerShell.
PrivateData = @{

    PSData = @{

        # Tags applied to this module. These help with module discovery in online galleries.
        Tags = @('security', 'defence', 'offence', 'sandbox')

        # A URL to the license for this module.
        # NOTE(review): this is a plain-http link, unlike ProjectUri below; confirm the
        # https form of the same URL and switch to it in a later release.
        LicenseUri = 'http://www.apache.org/licenses/LICENSE-2.0.html'

        # A URL to the main website for this project.
        ProjectUri = 'https://github.com/google/sandbox-attacksurface-analysis-tools'

        # A URL to an icon representing this module.
        # IconUri = ''

        # ReleaseNotes of this module
        # The text below is a single-quoted here-string: it is published verbatim, and the
        # closing '@ must stay at column 0.
        # The 1.0.3 entry records a fix for an IO_STATUS_BLOCK handling bug that could
        # corrupt memory; presumably 1.0.2 and earlier are affected - verify before
        # running an older copy.
        # NOTE(review): the first 1.0.4 entry is truncated ("buffe") and the 1.0.0 entry
        # reads "directory work with Directorys"; both are left as published here.
        ReleaseNotes = @'
1.0.4
-----
* Support getting and setting file EA buffe
* Added cmdlet to get NTSTATUS code information
* Support to toggle UIAccess and Virtualization flags on tokens
* Added asynchronous support for file operations using Task APIs
* Added support for virtual memory functions
* Added cmdlet to create named pipes and mailslots.
* Added support for specifying SD as SDDL directly to cmdlets.
* Added thread descriptions for Anniversary edition and above.
1.0.3
-----
* Fixed small bug in handling of IO_STATUS_BLOCK which could result in memory corruption.
* Added support to list directory entries for a file directory.
* Added support to do basic read and writes to a file.
1.0.2
-----
* Added support to disable dynamic code policy on a process.
* Added cmdlets for reparse points.
* Fixes for EA buffer.
* Added service SIDs.
* Added support for removing token privileges.
* Fixed token security attribute parsing.
1.0.1
-----
* Fixed bug in Get-NtThread with -ProcessId
* Added support for FilterScript for Get-NtThread
* Added support for querying thread dynamic code opt-out policy
* Added support for RFG mitigation
1.0.0
-----
Initial release:
* NT Object Manager drive provider
* Cmdlets to directory work with Directorys, Files, Symbolic Links, Events, Semaphores, Processes, Threads, Tokens etc.
'@

    } # End of PSData hashtable

} # End of PrivateData hashtable

# HelpInfo URI of this module
# HelpInfoURI = ''

# Default prefix for commands exported from this module. Override the default prefix using Import-Module -Prefix.
# DefaultCommandPrefix = ''

}