NtObjectManager

1.1.16

This module adds a provider and cmdlets to access the NT object manager namespace.

Minimum PowerShell version

3.0

There is a newer prerelease version of this module available.
See the version list below for details.

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name NtObjectManager -RequiredVersion 1.1.16

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name NtObjectManager -Version 1.1.16

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

tyranid

Copyright

Package Details

Author(s)

James Forshaw

Cmdlets

Add-NtKey Get-NtDirectory Get-NtEvent Get-NtFile Get-NtFileReparsePoint Get-NtHandle Get-NtKey Get-NtMutant Get-NtNamedPipeFile Get-NtObject Get-NtProcess Get-NtSemaphore Get-NtStatus Get-NtSymbolicLink Get-NtSymbolicLinkTarget Get-NtThread Get-NtToken Get-NtType New-NtDirectory New-NtEvent New-NtFile New-NtKey New-NtMailslotFile New-NtMutant New-NtNamedPipeFile New-NtSecurityDescriptor New-NtSemaphore New-NtSymbolicLink Remove-NtFileReparsePoint Start-NtWait Use-NtObject Get-NtSid Get-NtSection New-NtSection Get-AccessibleAlpcPort Get-AccessibleKey Get-AccessibleProcess Get-AccessibleFile Get-AccessibleObject Get-NtAccessMask Get-AccessibleDevice Get-AccessibleNamedPipe Get-NtGrantedAccess Get-NtJob New-NtJob Get-AccessibleService Get-AccessibleHandle Remove-NtKey New-NtToken Remove-NtFile Get-NtDirectoryChild Get-NtKeyChild Add-DosDevice Remove-DosDevice Get-NtFileChild Set-NtFileReparsePoint

Functions

Get-AccessibleAlpcPort Set-NtTokenPrivilege Set-NtTokenIntegrityLevel Get-NtProcessMitigations New-NtKernelCrashDump New-NtObjectAttributes New-NtSecurityQualityOfService Get-NtLicenseValue Get-NtSystemEnvironmentValue New-Win32Process New-NtEaBuffer New-NtSectionImage New-Win32ProcessConfig Get-NtTokenFromProcess Get-ExecutableManifest New-NtProcess New-NtProcessConfig Get-NtFilePath Show-NtTokenEffective Show-NtSecurityDescriptor Get-NtIoControlCode Import-NtObject Export-NtObject Get-ExecutionAlias New-ExecutionAlias Show-NtToken Show-NtSection Resolve-NtObjectAddress Invoke-NtToken Get-NtFilteredToken Get-NtLowBoxToken Get-NtSecurityDescriptor Set-NtSecurityDescriptor Add-NtVirtualMemory Get-NtVirtualMemory Remove-NtVirtualMemory Set-NtVirtualMemory Read-NtVirtualMemory Write-NtVirtualMemory Get-EmbeddedAuthenticodeSignature Get-NtSidName New-SymbolResolver New-NdrParser Format-NdrComplexType Format-NdrProcedure Format-NdrComProxy Get-NdrComProxy Get-NdrRpcServerInterface Format-NdrRpcServerInterface Get-NtMappedSection Get-NtWnf Get-NtCachedSigningLevel Add-NtSecurityDescriptorDaclAce Get-NtFilePathType New-NtType Get-NtAlpcServer Get-RpcEndpoint Get-RpcServer Set-GlobalSymbolResolver Get-RunningService

Dependencies

This module has no dependencies.

Release Notes

* Added Get-NtFilePathType function.
* Added Add-NtSecurityDescriptorDaclAce function.
* Added Path support to Get-NtSecurityDescriptor and Set-NtSecurityDescriptor.
* Added parameter to only return a specific set of IIDs from a COM proxy definition.
* Added support for extracting RPC servers from a DLL.
* Added support for enumerating registered RPC endpoints with Get-RpcEndpoint.
* Added support for enumerating running service information with Get-RunningService.
* Added Get-NtAlpcServer function.
* Reworked OpenWithType to support bruteforce of the object type.
* Added Win32Utils method to parse command line and extract image path.
* Fix DepStatus On Windows Server 2K12 / 2K16 from Rosalie.
* Added option to Get-NtProcess and Get-NtThread to only return system information.
* Added basic transaction support to registry keys.

FileList

NtObjectManager.nuspec
Be.Windows.Forms.HexBox.dll
EditSection.exe
Formatters.ps1xml
NDesk.Options.dll
NtApiDotNet.dll
NtObjectManager.dll
NtObjectManager.dll-Help.xml
NtObjectManager.psd1
NtObjectManager.psm1
TokenViewer.exe
ViewSecurityDescriptor.exe
WeifenLuo.WinFormsUI.Docking.dll
Core\NtApiDotNet.dll
Core\NtObjectManager.dll
en-US\about_ManagingNtObjectLifetime.help.txt
en-US\about_NtObjectManagerProvider.help.txt

Version History

Version	Downloads	Last updated
2.0.1	19,931	11/15/2023
2.0.0	3,887	9/12/2023
2.0.0-alpha2...	23	8/31/2023
1.1.33	42,192	1/22/2022
1.1.32	52,801	8/18/2021
1.1.31	4,558	3/16/2021
1.1.30	1,032	1/15/2021
1.1.29	1,004	11/23/2020
1.1.28	2,214	6/30/2020
1.1.27	2,173	2/10/2020
1.1.26	490	1/21/2020
1.1.25	488	1/2/2020
1.1.24	516	12/10/2019
1.1.23	961	10/15/2019
1.1.22	2,612	4/30/2019
1.1.21	201	4/23/2019
1.1.20	1,015	3/9/2019
1.1.19	208	2/4/2019
1.1.18	41	2/4/2019
1.1.17	666	9/9/2018
1.1.16 (current version)	188	8/1/2018
1.1.15	238	6/18/2018
1.1.14	354	5/1/2018
1.1.13	117	4/4/2018
1.1.12	332	3/19/2018
1.1.11	139	3/4/2018
1.1.10	49	3/1/2018
1.1.9	83	2/22/2018
1.1.8	97	2/6/2018
1.1.7	106	1/11/2018
1.1.6	113	12/3/2017
1.1.5	56	11/23/2017
1.1.4	81	11/14/2017
1.1.3	72	11/5/2017
1.1.2	139	10/11/2017
1.1.1	361	8/30/2017
1.1.0	41	8/30/2017
1.0.9	100	8/19/2017
1.0.8	72	8/7/2017
1.0.7	204	6/14/2017
1.0.6	284	5/24/2017
1.0.5	37	5/24/2017
1.0.4	49	5/17/2017
1.0.3	101	2/23/2017
1.0.2	54	2/8/2017
1.0.1	282	11/3/2016
1.0	144	11/1/2016

Show less