Formatters.ps1xml

<?xml version="1.0" encoding="utf-8" ?>
<Configuration>
  <ViewDefinitions>
    <!--
      Table view for NtObjectManager.NtDirectoryEntry objects.
      Two left-aligned columns, Name (width 40) and TypeName (width 30), each
      read directly from the property of the same name. No script blocks are
      evaluated by this view.
    -->
    <View>
      <Name>NtDirectoryEntryTable</Name>
      <ViewSelectedBy>
        <TypeName>NtObjectManager.NtDirectoryEntry</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader>
            <Label>Name</Label>
            <Width>40</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>TypeName</Label>
            <Width>30</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem>
                <PropertyName>Name</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>TypeName</PropertyName>
              </TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!--
      List view for NtObjectManager.NtDirectoryEntry objects.
      Shows Name, TypeName, IsDirectory, IsSymbolicLink, RelativePath,
      SymbolicLinkTarget, MaximumGrantedAccess (hex) and the security
      descriptor rendered as SDDL.
    -->
    <View>
      <Name>NtDirectoryEntryList</Name>
      <ViewSelectedBy>
        <TypeName>NtObjectManager.NtDirectoryEntry</TypeName>
      </ViewSelectedBy>
      <ListControl>
        <ListEntries>
          <ListEntry>
            <ListItems>
              <ListItem>
                <PropertyName>Name</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>TypeName</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>IsDirectory</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>IsSymbolicLink</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>RelativePath</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>SymbolicLinkTarget</PropertyName>
              </ListItem>
              <!-- X08: uppercase hexadecimal, zero-padded to at least 8 digits. -->
              <ListItem>
                <PropertyName>MaximumGrantedAccess</PropertyName>
                <FormatString>X08</FormatString>
              </ListItem>
              <!--
                Computed item: the script block runs as PowerShell code each time
                an entry is displayed, with $_ bound to the entry being formatted.
                NOTE(review): SecurityDescriptor may be null or unreadable for
                entries the caller cannot query; confirm how this item renders
                in that case.
              -->
              <ListItem>
                <ScriptBlock>$_.SecurityDescriptor.ToSddl()</ScriptBlock>
                <Label>SecurityDescriptor</Label>
              </ListItem>
            </ListItems>
          </ListEntry>
        </ListEntries>
      </ListControl>
    </View>
    <!--
      Table view for NtApiDotNet.NtType objects.
      A single left-aligned Name column (width 40) read from the Name property.
    -->
    <View>
      <Name>NtTypeTable</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtType</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader>
            <Label>Name</Label>
            <Width>40</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem>
                <PropertyName>Name</PropertyName>
              </TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!--
      Table view for NtApiDotNet.Sid objects.
      Column "Name" (width 40) reads the Name property. Column "Sid" (width 30)
      is computed by calling ToString() on the object being formatted.
      NOTE(review): presumably ToString() yields the S-1-... string form of the
      SID; confirm against NtApiDotNet.Sid. Keeping both columns visible lets a
      reader check a resolved account name against the raw identifier.
    -->
    <View>
      <Name>SidTable</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.Sid</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader>
            <Label>Name</Label>
            <Width>40</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>Sid</Label>
            <Width>30</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem>
                <PropertyName>Name</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <ScriptBlock>$_.ToString()</ScriptBlock>
              </TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!--
      Table view for NtApiDotNet.Ace objects.
      Columns: Type (AceType), User (computed from Sid.Name), Flags (AceFlags)
      and Mask (hex, zero-padded to at least 8 digits).
      This view is named "Ace", the same name as the list view for the same
      type in this file; the other views here use a Table/List suffix instead.
      The User column shows only the resolved name, not the raw SID.
      NOTE(review): if name resolution can fail or be ambiguous, the raw SID is
      the reliable identifier; confirm what Sid.Name returns in that case.
    -->
    <View>
      <Name>Ace</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.Ace</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader>
            <Label>Type</Label>
            <Width>10</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>User</Label>
            <Width>30</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>Flags</Label>
            <Width>20</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>Mask</Label>
            <Width>10</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem>
                <PropertyName>AceType</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <ScriptBlock>$_.Sid.Name</ScriptBlock>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>AceFlags</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>Mask</PropertyName>
                <FormatString>X08</FormatString>
              </TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!--
      List view for NtApiDotNet.Ace objects.
      Items: AceType, User (computed from Sid.Name), Sid, AceFlags and Mask
      (hex, zero-padded to at least 8 digits).
      This view is named "Ace", the same name as the table view for the same
      type in this file; the two differ only in control type.
      Unlike the table view, this one shows the Sid property next to the
      resolved User name.
    -->
    <View>
      <Name>Ace</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.Ace</TypeName>
      </ViewSelectedBy>
      <ListControl>
        <ListEntries>
          <ListEntry>
            <ListItems>
              <ListItem>
                <PropertyName>AceType</PropertyName>
              </ListItem>
              <ListItem>
                <ScriptBlock>$_.Sid.Name</ScriptBlock>
                <Label>User</Label>
              </ListItem>
              <ListItem>
                <PropertyName>Sid</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>AceFlags</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>Mask</PropertyName>
                <FormatString>X08</FormatString>
              </ListItem>
            </ListItems>
          </ListEntry>
        </ListEntries>
      </ListControl>
    </View>
    <!--
      Table view for NtApiDotNet.TokenPrivilege objects.
      Columns: Name (width 30), Luid (width 20) and IsEnabled (width 10).
      The third column is labelled "IsEnabled" but reads the property called
      "Enabled"; the label is display text only.
      The full Attributes value is not shown here; it appears in the list view
      named TokenPrivilegeList.
    -->
    <View>
      <Name>TokenPrivilegeTable</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.TokenPrivilege</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader>
            <Label>Name</Label>
            <Width>30</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>Luid</Label>
            <Width>20</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>IsEnabled</Label>
            <Width>10</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem>
                <PropertyName>Name</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>Luid</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>Enabled</PropertyName>
              </TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!--
      List view for NtApiDotNet.TokenPrivilege objects.
      Items: Name, Luid, Attributes, Enabled and DisplayName, each read directly
      from the property of the same name. No script blocks are evaluated.
    -->
    <View>
      <Name>TokenPrivilegeList</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.TokenPrivilege</TypeName>
      </ViewSelectedBy>
      <ListControl>
        <ListEntries>
          <ListEntry>
            <ListItems>
              <ListItem>
                <PropertyName>Name</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>Luid</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>Attributes</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>Enabled</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>DisplayName</PropertyName>
              </ListItem>
            </ListItems>
          </ListEntry>
        </ListEntries>
      </ListControl>
    </View>
    <!--
      Table view for NtApiDotNet.UserGroup objects.
      Column "Name" (width 30) is computed from Sid.Name; column "Attributes"
      (width 30) reads the Attributes property.
      The raw SID is not shown here; it appears in the list view named
      UserGroupList.
    -->
    <View>
      <Name>UserGroupTable</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.UserGroup</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader>
            <Label>Name</Label>
            <Width>30</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>Attributes</Label>
            <Width>30</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem>
                <ScriptBlock>$_.Sid.Name</ScriptBlock>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>Attributes</PropertyName>
              </TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!--
      List view for NtApiDotNet.UserGroup objects.
      Items: Name (computed from Sid.Name), Sid and Attributes, so the resolved
      name and the raw SID are shown together.
    -->
    <View>
      <Name>UserGroupList</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.UserGroup</TypeName>
      </ViewSelectedBy>
      <ListControl>
        <ListEntries>
          <ListEntry>
            <ListItems>
              <ListItem>
                <ScriptBlock>$_.Sid.Name</ScriptBlock>
                <Label>Name</Label>
              </ListItem>
              <ListItem>
                <PropertyName>Sid</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>Attributes</PropertyName>
              </ListItem>
            </ListItems>
          </ListEntry>
        </ListEntries>
      </ListControl>
    </View>
    <!--
      Table view for NtApiDotNet.NtAtom objects.
      Columns: Name (width 30) and Atom (width 10). Atom uses format string X04:
      uppercase hexadecimal, zero-padded to at least 4 digits.
    -->
    <View>
      <Name>AtomTable</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtAtom</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader>
            <Label>Name</Label>
            <Width>30</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>Atom</Label>
            <Width>10</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem>
                <PropertyName>Name</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>Atom</PropertyName>
                <FormatString>X04</FormatString>
              </TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!--
      List view for NtApiDotNet.NtAtom objects.
      Items: Name and Atom, with Atom shown as uppercase hexadecimal zero-padded
      to at least 4 digits (X04), matching the table view for the same type.
    -->
    <View>
      <Name>AtomList</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtAtom</TypeName>
      </ViewSelectedBy>
      <ListControl>
        <ListEntries>
          <ListEntry>
            <ListItems>
              <ListItem>
                <PropertyName>Name</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>Atom</PropertyName>
                <FormatString>X04</FormatString>
              </ListItem>
            </ListItems>
          </ListEntry>
        </ListEntries>
      </ListControl>
    </View>
    <!--
      Table view for NtApiDotNet.NtKey objects.
      Columns: Name (width 30), LastWriteTime (width 20), SubKeyCount (width 10)
      and ValueCount (width 10), each read directly from the property of the
      same name.
      NOTE(review): the Name column is 30 characters wide; presumably longer key
      paths are cut off in table output, so use a list or wide format when the
      full path matters. Confirm against typical Name values.
    -->
    <View>
      <Name>KeyTable</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtKey</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader>
            <Label>Name</Label>
            <Width>30</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>LastWriteTime</Label>
            <Width>20</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>SubKeyCount</Label>
            <Width>10</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>ValueCount</Label>
            <Width>10</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem>
                <PropertyName>Name</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>LastWriteTime</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>SubKeyCount</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>ValueCount</PropertyName>
              </TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!--
      Table view for NtApiDotNet.NtToken objects.
      Columns: User, GroupCount, PrivilegeCount, AppContainer and Restricted.
      The first three are computed by script blocks (User.Sid.Name,
      Groups.Length, Privileges.Length); the last two read properties directly.
      The script blocks run as PowerShell code every time a token is displayed,
      with $_ bound to the token being formatted.
      NOTE(review): presumably each of these property reads queries the
      underlying token, so a closed handle or one opened without query access
      may leave the computed columns blank; confirm against NtToken.
    -->
    <View>
      <Name>TokenTable</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtToken</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader>
            <Label>User</Label>
            <Width>30</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>GroupCount</Label>
            <Width>10</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>PrivilegeCount</Label>
            <Width>10</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>AppContainer</Label>
            <Width>10</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>Restricted</Label>
            <Width>10</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem>
                <ScriptBlock>$_.User.Sid.Name</ScriptBlock>
              </TableColumnItem>
              <TableColumnItem>
                <ScriptBlock>$_.Groups.Length</ScriptBlock>
              </TableColumnItem>
              <TableColumnItem>
                <ScriptBlock>$_.Privileges.Length</ScriptBlock>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>AppContainer</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>Restricted</PropertyName>
              </TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!--
      Table view for NtApiDotNet.NtSymbolicLink objects.
      Columns: Name (width 30) and Target (width 40), each read directly from
      the property of the same name.
      NOTE(review): Target is limited to 40 characters here; presumably longer
      targets are cut off in table output, so check the full value in a list
      format before drawing conclusions about where a link points.
    -->
    <View>
      <Name>SymlinkTable</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtSymbolicLink</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader>
            <Label>Name</Label>
            <Width>30</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>Target</Label>
            <Width>40</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem>
                <PropertyName>Name</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>Target</PropertyName>
              </TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!--
      Table view selected by the type name NtApiDotNet.NtObject.
      Columns: Name (width 30) and NtTypeName (width 30), each read directly
      from the property of the same name.
      NOTE(review): NtObject looks like a base type; presumably this view is the
      fallback for object types that have no more specific view in this file.
      Confirm against the NtApiDotNet class hierarchy.
    -->
    <View>
      <Name>ObjectTable</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtObject</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader>
            <Label>Name</Label>
            <Width>30</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>NtTypeName</Label>
            <Width>30</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem>
                <PropertyName>Name</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>NtTypeName</PropertyName>
              </TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!--
      Wide view selected by the type name NtApiDotNet.NtObject.
      Displays only the Name property of each object.
    -->
    <View>
      <Name>ObjectWide</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtObject</TypeName>
      </ViewSelectedBy>
      <WideControl>
        <WideEntries>
          <WideEntry>
            <WideItem>
              <PropertyName>Name</PropertyName>
            </WideItem>
          </WideEntry>
        </WideEntries>
      </WideControl>
    </View>
    <!--
      Table view for NtApiDotNet.NtHandle objects.
      Columns: ProcessId, Handle, ObjectType, Object and GrantedAccess.
      Object uses X016 (uppercase hex, zero-padded to at least 16 digits) and
      GrantedAccess uses X08 (at least 8 digits). Handle has no format string
      in this view, whereas the list view named NtHandleList shows it in hex.
      NOTE(review): Object is presumably the kernel address of the object the
      handle refers to; confirm against NtHandle, and treat output that
      contains such addresses accordingly when sharing logs.
    -->
    <View>
      <Name>NtHandleTable</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtHandle</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader>
            <Label>ProcessId</Label>
            <Width>10</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>Handle</Label>
            <Width>10</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>ObjectType</Label>
            <Width>30</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>Object</Label>
            <Width>30</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>GrantedAccess</Label>
            <Width>30</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem>
                <PropertyName>ProcessId</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>Handle</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>ObjectType</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>Object</PropertyName>
                <FormatString>X016</FormatString>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>GrantedAccess</PropertyName>
                <FormatString>X08</FormatString>
              </TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!--
      List view for NtApiDotNet.NtHandle objects.
      Items: ProcessId, ObjectType, Attributes, Handle (hex), Object (hex, at
      least 16 digits), GrantedAccess (hex, at least 8 digits), Name and the
      security descriptor rendered as SDDL.
    -->
    <View>
      <Name>NtHandleList</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtHandle</TypeName>
      </ViewSelectedBy>
      <ListControl>
        <ListEntries>
          <ListEntry>
            <ListItems>
              <ListItem>
                <PropertyName>ProcessId</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>ObjectType</PropertyName>
              </ListItem>
              <ListItem>
                <PropertyName>Attributes</PropertyName>
              </ListItem>
              <!-- X with no digit count: uppercase hexadecimal without zero padding. -->
              <ListItem>
                <PropertyName>Handle</PropertyName>
                <FormatString>X</FormatString>
              </ListItem>
              <ListItem>
                <PropertyName>Object</PropertyName>
                <FormatString>X016</FormatString>
              </ListItem>
              <ListItem>
                <PropertyName>GrantedAccess</PropertyName>
                <FormatString>X08</FormatString>
              </ListItem>
              <ListItem>
                <PropertyName>Name</PropertyName>
              </ListItem>
              <!--
                Computed item: the script block runs as PowerShell code each time
                a handle entry is displayed, with $_ bound to that entry.
                NOTE(review): for handles owned by other processes the security
                descriptor may not be readable; confirm how this item renders
                when SecurityDescriptor is null or the read fails.
              -->
              <ListItem>
                <ScriptBlock>$_.SecurityDescriptor.ToSddl()</ScriptBlock>
                <Label>SecurityDescriptor</Label>
              </ListItem>
            </ListItems>
          </ListEntry>
        </ListEntries>
      </ListControl>
    </View>
    <!--
      Table view for NtObjectManager.AccessCheckResult objects.
      Columns: TokenId (uppercase hex, no padding), Access (reads the
      GrantedGenericAccessString property) and Name.
      No Width is given for any column, and Name is the only right-aligned
      column in this file.
      NOTE(review): the Access column is a string rendering of the granted
      access; presumably the numeric mask is available on the object for
      exact comparison. Confirm against AccessCheckResult.
    -->
    <View>
      <Name>AccessCheckResult</Name>
      <ViewSelectedBy>
        <TypeName>NtObjectManager.AccessCheckResult</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader>
            <Label>TokenId</Label>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>Access</Label>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>Name</Label>
            <Alignment>right</Alignment>
          </TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem>
                <PropertyName>TokenId</PropertyName>
                <FormatString>X</FormatString>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>GrantedGenericAccessString</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>Name</PropertyName>
              </TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!--
      Table view for SandboxAnalysisUtils.ExecutableManifest objects.
      Columns: Name (width 40), UiAccess (width 10), AutoElevate (width 15) and
      ExecutionLevel (width 30), each read directly from the property of the
      same name.
      NOTE(review): presumably these three properties mirror the manifest
      settings that control elevation behaviour, which is why they are shown
      side by side; confirm against ExecutableManifest.
    -->
    <View>
      <Name>ExecutableManifest</Name>
      <ViewSelectedBy>
        <TypeName>SandboxAnalysisUtils.ExecutableManifest</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader>
            <Label>Name</Label>
            <Width>40</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>UiAccess</Label>
            <Width>10</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>AutoElevate</Label>
            <Width>15</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader>
            <Label>ExecutionLevel</Label>
            <Width>30</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem>
                <PropertyName>Name</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>UiAccess</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>AutoElevate</PropertyName>
              </TableColumnItem>
              <TableColumnItem>
                <PropertyName>ExecutionLevel</PropertyName>
              </TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
  </ViewDefinitions>
</Configuration>