NtObjectManager

1.1.24

This module adds a provider and cmdlets to access the NT object manager namespace.

Minimum PowerShell version

3.0

There is a newer prerelease version of this module available.
See the version list below for details.

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name NtObjectManager -RequiredVersion 1.1.24

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name NtObjectManager -Version 1.1.24

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

tyranid

Copyright

Package Details

Author(s)

James Forshaw

Cmdlets

Add-NtKey Get-NtDirectory Get-NtEvent Get-NtFile Get-NtFileReparsePoint Get-NtHandle Get-NtKey Get-NtMutant Get-NtNamedPipeFile Get-NtObject Get-NtProcess Get-NtSemaphore Get-NtStatus Get-NtSymbolicLink Get-NtSymbolicLinkTarget Get-NtThread Get-NtToken Get-NtType New-NtDirectory New-NtEvent New-NtFile New-NtKey New-NtMailslotFile New-NtMutant New-NtNamedPipeFile New-NtSecurityDescriptor New-NtSemaphore New-NtSymbolicLink Remove-NtFileReparsePoint Start-NtWait Use-NtObject Get-NtSid Get-NtSection New-NtSection Get-AccessibleAlpcPort Get-AccessibleKey Get-AccessibleProcess Get-AccessibleFile Get-AccessibleObject Get-NtAccessMask Get-AccessibleDevice Get-AccessibleNamedPipe Get-NtGrantedAccess Get-NtJob New-NtJob Get-AccessibleService Get-AccessibleHandle Remove-NtKey New-NtToken Remove-NtFile Get-NtDirectoryChild Get-NtKeyChild Add-DosDevice Remove-DosDevice Get-NtFileChild Set-NtFileReparsePoint Get-NtPartition New-NtPartition Get-NtWaitTimeout New-NtTransaction Get-NtTransaction New-NtTransactionManager Get-NtTransactionManager Connect-NtAlpcClient New-NtAlpcServer New-NtAlpcPortAttributes New-NtAlpcMessage Send-NtAlpcMessage Receive-NtAlpcMessage Connect-NtAlpcServer New-NtAlpcReceiveAttributes New-NtAlpcSendAttributes New-NtAlpcPortSection New-NtAlpcDataView New-NtAlpcSecurityContext New-NtDebug Get-NtDebug Start-NtDebugWait Add-NtDebugProcess Remove-NtDebugProcess Copy-NtObject New-NtResourceManager Get-NtResourceManager Get-NtTransactionGuid Get-NtEnlistment New-NtEnlistment Get-RpcServerName Set-RpcServerName Set-NtFileHardlink Test-NetworkAccess Get-AccessibleScheduledTask Compare-RpcServer Select-RpcServer Add-NtTokenSecurityAttribute Remove-NtTokenSecurityAttribute

Functions

Get-AccessibleAlpcPort Set-NtTokenPrivilege Set-NtTokenIntegrityLevel Get-NtProcessMitigations New-NtKernelCrashDump New-NtObjectAttributes New-NtSecurityQualityOfService Get-NtLicenseValue Get-NtSystemEnvironmentValue New-Win32Process New-NtEaBuffer New-NtSectionImage New-Win32ProcessConfig Get-NtTokenFromProcess Get-ExecutableManifest New-NtProcess New-NtProcessConfig Get-NtFilePath Show-NtTokenEffective Show-NtSecurityDescriptor Get-NtIoControlCode Import-NtObject Export-NtObject Get-ExecutionAlias Set-ExecutionAlias Show-NtToken Show-NtSection Resolve-NtObjectAddress Invoke-NtToken Get-NtSecurityDescriptor Set-NtSecurityDescriptor Add-NtVirtualMemory Get-NtVirtualMemory Remove-NtVirtualMemory Set-NtVirtualMemory Read-NtVirtualMemory Write-NtVirtualMemory Get-EmbeddedAuthenticodeSignature Get-NtSidName New-SymbolResolver New-NdrParser Format-NdrComplexType Format-NdrProcedure Format-NdrComProxy Get-NdrComProxy Get-NdrRpcServerInterface Format-NdrRpcServerInterface Get-NtMappedSection Get-NtWnf Get-NtCachedSigningLevel Add-NtSecurityDescriptorDaclAce Get-NtFilePathType New-NtType Get-NtAlpcServer Get-RpcEndpoint Get-RpcServer Set-GlobalSymbolResolver Get-RunningService Copy-NtToken Get-RpcAlpcServer Get-NtObjectFromHandle Start-Win32ChildProcess Get-NtKeyValue Start-NtFileOplock Format-RpcServer Get-NtObjectInformation Set-NtObjectInformation Get-NtProcessMitigationPolicy Set-NtProcessMitigationPolicy Format-NtSecurityDescriptor Get-AppContainerProfile New-AppContainerProfile Get-RpcClient Format-RpcClient Set-RpcServer Connect-RpcClient New-RpcContextHandle Format-RpcComplexType Get-Win32File Close-NtObject Start-AccessibleScheduledTask Get-NtEaBuffer Set-NtEaBuffer Suspend-NtProcess Resume-NtProcess Stop-NtProcess Suspend-NtThread Resume-NtThread Stop-NtThread

Dependencies

This module has no dependencies.

Release Notes

1.1.24
--------
* Added Add-NtTokenSecurityAttribute and Remove-NtTokenSecurityAttribute cmdlets.
* Added additional properties for running servies.
* Added support for drivers to Get-RunningService and Get-AccesibleService.
* Added fake service NtType objects for services and SCM to allow formatting and the UI.
* Added NtType property to security descriptors.
* Added option to Show-NtToken to elevate to admin.
* Added Suspend, Resume and Stop process commands.
* Added Get-NtEaBuffer and Set-NtEaBuffer commands.
* Added open to Get-NtDebug to get from a process.

FileList

NtObjectManager.nuspec
Be.Windows.Forms.HexBox.dll
EditSection.exe
Formatters.ps1xml
NDesk.Options.dll
NtApiDotNet.dll
NtObjectManager.dll
NtObjectManager.dll-Help.xml
NtObjectManager.psd1
NtObjectManager.psm1
TokenViewer.exe
ViewSecurityDescriptor.exe
WeifenLuo.WinFormsUI.Docking.dll
en-US\about_ManagingNtObjectLifetime.help.txt
en-US\about_NtObjectManagerProvider.help.txt

Version History

Version	Downloads	Last updated
2.0.1	19,860	11/15/2023
2.0.0	3,887	9/12/2023
2.0.0-alpha2...	23	8/31/2023
1.1.33	42,192	1/22/2022
1.1.32	52,801	8/18/2021
1.1.31	4,556	3/16/2021
1.1.30	1,032	1/15/2021
1.1.29	1,004	11/23/2020
1.1.28	2,214	6/30/2020
1.1.27	2,173	2/10/2020
1.1.26	490	1/21/2020
1.1.25	488	1/2/2020
1.1.24 (current version)	516	12/10/2019
1.1.23	961	10/15/2019
1.1.22	2,612	4/30/2019
1.1.21	201	4/23/2019
1.1.20	1,015	3/9/2019
1.1.19	208	2/4/2019
1.1.18	41	2/4/2019
1.1.17	666	9/9/2018
1.1.16	188	8/1/2018
1.1.15	238	6/18/2018
1.1.14	354	5/1/2018
1.1.13	117	4/4/2018
1.1.12	332	3/19/2018
1.1.11	139	3/4/2018
1.1.10	49	3/1/2018
1.1.9	83	2/22/2018
1.1.8	97	2/6/2018
1.1.7	106	1/11/2018
1.1.6	113	12/3/2017
1.1.5	56	11/23/2017
1.1.4	81	11/14/2017
1.1.3	72	11/5/2017
1.1.2	139	10/11/2017
1.1.1	360	8/30/2017
1.1.0	41	8/30/2017
1.0.9	100	8/19/2017
1.0.8	72	8/7/2017
1.0.7	204	6/14/2017
1.0.6	284	5/24/2017
1.0.5	37	5/24/2017
1.0.4	49	5/17/2017
1.0.3	101	2/23/2017
1.0.2	54	2/8/2017
1.0.1	282	11/3/2016
1.0	144	11/1/2016

Show less