NtObjectManager
1.1.30
This module adds a provider and cmdlets to access the NT object manager namespace.
Minimum PowerShell version
3.0
Author(s)
James Forshaw
Copyright
(c) 2016-2020 Google Inc. All rights reserved.
Package Details
Tags
security defence offence sandbox
Cmdlets
Add-NtKeyHive Get-NtDirectory Get-NtEvent Get-NtFile Get-NtFileReparsePoint Get-NtHandle Get-NtKey Get-NtMutant Get-NtNamedPipeFile Get-NtObject Get-NtProcess Get-NtSemaphore Get-NtStatus Get-NtSymbolicLink Get-NtSymbolicLinkTarget Get-NtThread Get-NtToken Get-NtType New-NtDirectory New-NtEvent New-NtFile New-NtKey New-NtMailslotFile New-NtMutant New-NtNamedPipeFile New-NtSecurityDescriptor New-NtSemaphore New-NtSymbolicLink Remove-NtFileReparsePoint Start-NtWait Use-NtObject Get-NtSid Get-NtSection New-NtSection Get-AccessibleAlpcPort Get-AccessibleKey Get-AccessibleProcess Get-AccessibleFile Get-AccessibleObject Get-NtAccessMask Get-AccessibleDevice Get-AccessibleNamedPipe Get-NtGrantedAccess Get-NtJob New-NtJob Get-AccessibleService Get-AccessibleHandle Remove-NtKeyHive New-NtToken Remove-NtFile Get-NtDirectoryChild Get-NtKeyChild Add-DosDevice Remove-DosDevice Get-NtFileChild Set-NtFileReparsePoint Get-NtPartition New-NtPartition Get-NtWaitTimeout New-NtTransaction Get-NtTransaction New-NtTransactionManager Get-NtTransactionManager Connect-NtAlpcClient New-NtAlpcServer New-NtAlpcPortAttributes New-NtAlpcMessage Send-NtAlpcMessage Receive-NtAlpcMessage Connect-NtAlpcServer New-NtAlpcReceiveAttributes New-NtAlpcSendAttributes New-NtAlpcPortSection New-NtAlpcDataView New-NtAlpcSecurityContext New-NtDebug Get-NtDebug Start-NtDebugWait Add-NtDebugProcess Remove-NtDebugProcess Copy-NtObject New-NtResourceManager Get-NtResourceManager Get-NtTransactionGuid Get-NtEnlistment New-NtEnlistment Get-RpcServerName Set-RpcServerName New-NtFileHardlink Test-NetworkAccess Get-AccessibleScheduledTask Compare-RpcServer Select-RpcServer Add-NtTokenSecurityAttribute Remove-NtTokenSecurityAttribute Get-AccessibleEventTrace Test-NtTokenImpersonation Get-AccessibleToken Set-NtProcessJob Get-AccessibleWnf Get-AccessibleWindowStation Get-NtProcessJob Get-NtWindowStation Get-NtDesktop New-NtWindowStation New-NtDesktop Get-Win32Error Set-NtKeyValue Remove-NtKey Get-NtObjectInformation 
Set-NtObjectInformation Test-NtTokenPrivilege Format-NtJob Add-NtSecurityDescriptorAce New-NtSecurityAttribute Remove-NtSecurityDescriptorAce Invoke-NtToken Set-Win32SecurityDescriptor Reset-Win32SecurityDescriptor Search-Win32SecurityDescriptor Get-Win32SecurityDescriptor Compare-NtSid Test-NtAceCondition Test-NtTokenGroup Test-NtAccessMask Grant-NtAccessMask Revoke-NtAccessMask Select-NtSecurityDescriptorAce Write-NtAudit New-AuthZResourceManager New-AuthZContext Get-AuthZGrantedAccess Add-AuthZSid Remove-AuthZSid Set-NtToken Get-NtTokenDefaultDacl Set-NtTokenDefaultDacl Get-NtKeySymbolicLinkTarget New-NtKeySymbolicLink Rename-NtFile Get-NtFileVolumeInformation Set-NtFileVolumeInformation Send-NtFileControl Get-NtFileAttribute Set-NtFileAttribute Get-NtFileShareProcess Get-NtFileCompression Set-NtFileCompression Get-NtFileLink Get-NtFileStream Get-NtFileObjectId Get-NtFileId Set-NtFileObjectId Remove-NtFileObjectId Get-NtFileFinalPath Add-NtThreadApc New-NtThread New-NtEnclave Get-RandomByte Get-RunningScheduledTask
Functions
Get-AccessibleAlpcPort Set-NtTokenPrivilege Set-NtTokenIntegrityLevel Get-NtProcessMitigations New-NtKernelCrashDump New-NtObjectAttributes New-NtSecurityQualityOfService Get-NtLicenseValue Get-NtSystemEnvironmentValue New-Win32Process New-NtEaBuffer New-NtSectionImage New-Win32ProcessConfig Get-NtTokenFromProcess Get-ExecutableManifest New-NtProcess New-NtProcessConfig Get-NtFilePath Show-NtTokenEffective Show-NtSecurityDescriptor Get-NtIoControlCode Import-NtObject Export-NtObject Get-ExecutionAlias Set-ExecutionAlias Show-NtToken Show-NtSection Resolve-NtObjectAddress Get-NtSecurityDescriptor Get-NtSecurityDescriptorIntegrityLevel Set-NtSecurityDescriptor Add-NtVirtualMemory Get-NtVirtualMemory Remove-NtVirtualMemory Set-NtVirtualMemory Read-NtVirtualMemory Write-NtVirtualMemory Get-EmbeddedAuthenticodeSignature Get-NtSidName New-SymbolResolver New-NdrParser Format-NdrComplexType Format-NdrProcedure Format-NdrComProxy Get-NdrComProxy Get-NdrRpcServerInterface Format-NdrRpcServerInterface Get-NtMappedSection Get-NtWnf Get-NtCachedSigningLevel Add-NtSecurityDescriptorDaclAce Get-NtFilePathType New-NtType Get-NtAlpcServer Get-RpcEndpoint Get-RpcServer Set-GlobalSymbolResolver Get-RunningService Copy-NtToken Get-RpcAlpcServer Get-NtObjectFromHandle Start-Win32ChildProcess Get-NtKeyValue Start-NtFileOplock Format-RpcServer Get-NtProcessMitigationPolicy Set-NtProcessMitigationPolicy Format-NtSecurityDescriptor Get-AppContainerProfile New-AppContainerProfile Get-RpcClient Format-RpcClient Set-RpcServer Connect-RpcClient New-RpcContextHandle Format-RpcComplexType Get-Win32File Close-NtObject Start-AccessibleScheduledTask Get-NtFileEa Set-NtFileEa Suspend-NtProcess Resume-NtProcess Stop-NtProcess Suspend-NtThread Resume-NtThread Stop-NtThread Format-NtToken Remove-NtTokenPrivilege Get-NtTokenPrivilege Get-NtLocallyUniqueId Get-NtTokenGroup Get-NtTokenSid Set-NtTokenSid Set-NtTokenGroup Get-NtDesktopName Get-NtWindowStationName Get-NtWindow Out-HexDump Get-NtTypeAccess 
Get-NtAtom Add-NtAtom Remove-NtAtom Import-Win32Module Get-Win32Module Get-Win32ModuleExport Get-Win32ModuleImport Get-NtDirectoryEntry Remove-NtKeyValue Read-AuthCredential Get-AuthPackage Get-AuthCredentialHandle Get-AuthServerContext Get-AuthClientContext Update-AuthServerContext Update-AuthClientContext Get-AuthAccessToken Get-NtKernelModule Get-NtObjectInformationClass Add-NtSection Remove-NtSection Compare-NtObject Edit-NtSecurityDescriptor Set-NtSecurityDescriptorOwner Set-NtSecurityDescriptorGroup Set-NtSecurityDescriptorIntegrityLevel ConvertFrom-NtAceCondition ConvertFrom-NtSecurityDescriptor Remove-NtSecurityDescriptorOwner Remove-NtSecurityDescriptorGroup New-NtUserGroup New-NtAcl Set-NtSecurityDescriptorDacl Set-NtSecurityDescriptorSacl Copy-NtSecurityDescriptor Test-NtSecurityDescriptor Get-NtSecurityDescriptorOwner Get-NtSecurityDescriptorGroup Get-NtSecurityDescriptorDacl Get-NtSecurityDescriptorSacl Set-NtSecurityDescriptorControl Get-NtSecurityDescriptorControl Remove-NtSecurityDescriptorDacl Remove-NtSecurityDescriptorSacl Remove-NtSecurityDescriptorIntegrityLevel Add-NtSecurityDescriptorControl Remove-NtSecurityDescriptorControl Format-Win32SecurityDescriptor New-ObjectTypeTree Add-ObjectTypeTree ConvertTo-NtAceCondition Get-NtTokenMandatoryPolicy Clear-NtSecurityDescriptorDacl Clear-NtSecurityDescriptorSacl Get-CentralAccessPolicy Remove-ObjectTypeTree Set-ObjectTypeTreeAccess Revoke-ObjectTypeTreeAccess Select-ObjectTypeTree Test-NtObject Get-NtTokenIntegrityLevel Get-NtAuditPolicy Set-NtAuditPolicy Get-NtAuditSecurity Set-NtAuditSecurity Format-AuthToken Get-AuthToken Test-AuthContext Get-NtLogonSession Get-NtAccountRight Get-NtAccountRightSid Get-NtConsoleSession Get-ServicePrincipalName Get-NtTokenId Get-AuthCredential Export-AuthToken Import-AuthToken Get-MD4Hash Format-ASN1DER Import-KerberosKeyTab Export-KerberosKeyTab New-KerberosKey Get-KerberosKey Unprotect-AuthToken Get-KerberosTicket Get-NdrComplexType Get-NtProcessUser 
Get-NtProcessEnvironment Split-Win32CommandLine Send-NtWindowMessage Get-NtKeyHive Backup-NtKey Restore-NtKey Enable-NtTokenVirtualization Disable-NtTokenVirtualization Read-NtFile Write-NtFile Get-FilterConnectionPort Get-FilterDriver Get-FilterDriverInstance Get-FilterDriverVolume Get-FilterDriverVolumeInstance Add-NtEaBuffer Remove-NtFileEa Get-NtDeviceSetupClass Get-NtDeviceNode Get-NtDeviceInterfaceClass Get-NtDeviceProperty Get-NtDeviceNodeChild Get-NtDeviceInterfaceInstance Get-NtDeviceNodeParent Get-NtDeviceNodeStack Get-NtFileItem Get-NtFileChange Lock-NtFile Unlock-NtFile Get-NtFileDisposition Set-NtFileDisposition Wait-AsyncTaskResult Get-NtFile8dot3Name Send-FilterConnectionPort Test-NtFileDriverPath Get-NtMountPoint New-NtFileReparseBuffer Get-NtFileQuota Set-NtFileQuota Read-NtFileUsnJournal Confirm-NtFileOplock Start-AppModelApplication Get-NtThreadContext Set-NtThreadContext Remove-AppContainerProfile Get-AppModelApplicationPolicy Test-NtProcessJob Get-AppxDesktopBridge Stop-NtJob Get-NtThreadWorkOnBehalfTicket Set-NtThreadWorkOnBehalfTicket Get-NtThreadContainerId Set-NtThreadContainer Clear-NtThreadWorkOnBehalfTicket Compare-NtSigningLevel Get-NtSystemInformation Get-NtSigningLevel Get-X509Certificate Set-NtCachedSigningLevel Invoke-NtEnclave Add-NtAccountRight Remove-NtAccountRight Start-Win32DebugConsole Get-Win32Service Test-NtProcess Get-NtApiSet Clear-NtSidName Add-NtSidName Remove-NtSidName New-Win32Service Remove-Win32Service Test-NtTokenCapability New-Win32DebugConsole Read-Win32DebugConsole Get-Win32ServiceSecurityDescriptor
Dependencies
This module has no dependencies.
Release Notes
1.1.30
--------
* Fixed issue when displaying only a SACL with Format-NtSecurityDescriptor.
* Added basic named pipe support for RPC clients.
* Fixed issue enumerating per-user audit rules.
* Added view accessor for safe buffers.
* Improved debug tracing for RPC clients.
* Improved handling of paths with local files commands.
* Fixed path issue with Set-Win32SecurityDescriptor.
* Added querying trace providers from the WMI security key.
FileList
- NtObjectManager.nuspec
- Be.Windows.Forms.HexBox.dll
- EditSection.exe
- Formatters.ps1xml
- NDesk.Options.dll
- NtApiDotNet.dll
- NtApiDotNet.Forms.dll
- NtObjectManager.dll
- NtObjectManager.dll-Help.xml
- NtObjectManager.psd1
- NtObjectManager.psm1
- TokenViewer.exe
- ViewSecurityDescriptor.exe
- WeifenLuo.WinFormsUI.Docking.dll
- en-US\about_ManagingNtObjectLifetime.help.txt
- en-US\about_NtObjectManagerProvider.help.txt
Version History
Version | Downloads | Last updated |
---|---|---|
1.1.31 | 478 | 3/16/2021 |
1.1.30 (current version) | 898 | 1/15/2021 |
1.1.29 | 692 | 11/23/2020 |
1.1.28 | 2,122 | 6/30/2020 |
1.1.27 | 2,132 | 2/10/2020 |
1.1.26 | 420 | 1/21/2020 |
1.1.25 | 429 | 1/2/2020 |
1.1.24 | 478 | 12/10/2019 |
1.1.23 | 922 | 10/15/2019 |
1.1.22 | 2,463 | 4/30/2019 |
1.1.21 | 56 | 4/23/2019 |
1.1.20 | 462 | 3/9/2019 |
1.1.19 | 180 | 2/4/2019 |
1.1.18 | 20 | 2/4/2019 |
1.1.17 | 627 | 9/9/2018 |
1.1.16 | 164 | 8/1/2018 |
1.1.15 | 200 | 6/18/2018 |
1.1.14 | 288 | 5/1/2018 |
1.1.13 | 97 | 4/4/2018 |
1.1.12 | 231 | 3/19/2018 |
1.1.11 | 93 | 3/4/2018 |
1.1.10 | 25 | 3/1/2018 |
1.1.9 | 59 | 2/22/2018 |
1.1.8 | 77 | 2/6/2018 |
1.1.7 | 85 | 1/11/2018 |
1.1.6 | 92 | 12/3/2017 |
1.1.5 | 36 | 11/23/2017 |
1.1.4 | 58 | 11/14/2017 |
1.1.3 | 42 | 11/5/2017 |
1.1.2 | 94 | 10/11/2017 |
1.1.1 | 169 | 8/30/2017 |
1.1.0 | 11 | 8/30/2017 |
1.0.9 | 77 | 8/19/2017 |
1.0.8 | 50 | 8/7/2017 |
1.0.7 | 154 | 6/14/2017 |
1.0.6 | 227 | 5/24/2017 |
1.0.5 | 16 | 5/24/2017 |
1.0.4 | 29 | 5/17/2017 |
1.0.3 | 81 | 2/23/2017 |
1.0.2 | 34 | 2/8/2017 |
1.0.1 | 215 | 11/3/2016 |
1.0 | 108 | 11/1/2016 |