PSReflect-Functions

1.1

Provides Windows API functions as abstracted PowerShell functions.

Installation Options

Copy and paste the following command to install this package using PowerShellGet:

Install-Module -Name PSReflect-Functions

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation.

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies.

Author(s)

Jared Atkinson (@jaredcatkinson), Will Schroeder (@harmj0y), Chris Ross (@xorrior)

Copyright

(c) 2017 Jared Atkinson, Will Schroeder, and Chris Ross. All rights reserved.

Tags

PSReflect Windows-API Win32-API Advapi32 Kernel32 Netapi32 Ntdll Secur32 Wtsapi32

Functions

AdtListCategories AmsiCloseSession AmsiInitialize AmsiOpenSession AmsiResultIsMalware AmsiScanBuffer AmsiScanString AmsiUninitialize ChangeServiceConfig CloseHandle CloseServiceHandle ConvertSidToStringSid CreateFile CreatePipe CreateRemoteThread CreateThread CreateToolhelp32Snapshot CryptCATAdminAcquireContext CryptCATAdminAcquireContext2 CryptCATAdminAddCatalog CryptCATAdminCalcHashFromFileHandle CryptCATAdminCalcHashFromFileHandle2 CryptCATAdminEnumCatalogFromHash CryptCATAdminReleaseCatalogContext CryptCATCatalogInfoFromContext CryptCATStoreFromHandle CryptQueryObject DeleteSecurityPackage DsEnumerateDomainTrusts DsGetSiteName DuplicateToken EnumerateSecurityPackages EnumMonitors FreeContextBuffer GetCurrentProcess GetIpNetTable GetNamedPipeClientComputerName GetNamedPipeClientProcessId GetNamedPipeClientSessionId GetNamedPipeServerProcessId GetNamedPipeServerSessionId GetProcAddress GetThreadContext GetThreadId GetTokenInformation GetVersionFromProcess GlobalAddAtom GlobalDeleteAtom GlobalFindAtom GlobalGetAtomName ImpersonateLoggedOnUser K32GetMappedFileName LoadLibrary LogonUser LookupPrivilegeDisplayName LookupPrivilegeName LsaCallAuthenticationPackage LsaCallAuthenticationPackageKerbPurgeTktCache LsaCallAuthenticationPackageKerbQueryTktCache LsaCallAuthenticationPackageKerbRetrieveTkt LsaConnectUntrusted LsaDeregisterLogonProcess LsaEnumerateLogonSessions LsaFreeReturnBuffer LsaGetLogonSessionData LsaLookupAuthenticationPackage LsaNtStatusToWinError LsaRegisterLogonProcess NetApiBufferFree NetConnectionEnum NetFileEnum NetGetAnyDCName NetGetDCName NetLocalGroupAddMembers NetLocalGroupDelMembers NetLocalGroupEnum NetLocalGroupGetMembers NetSessionEnum NetShareAdd NetShareDel NetShareEnum NetWkstaUserEnum NtClose NtCreateKey NtDeleteKey NtDeleteValueKey NtDuplicateObject NtEnumerateKey NtEnumerateValueKey NtOpenKey NtQueryEaFile NtQueryInformationFile NtQueryInformationThread NtQueryKey NtQueryObject NtQueryValueKey NtSetEaFile NtSetValueKey OpenProcess 
OpenProcessToken OpenSCManagerW OpenThread OpenThreadToken PeekNamedPipe QueryFullProcessImageName ReadProcessMemory ResumeThread RevertToSelf RtlAdjustPrivilege RtlGetFunctionTableListHead RtlInitUnicodeString SamCloseHandle SamConnect SamOpenDomain SamOpenUser SamSetInformationUser TerminateThread Thread32First VirtualAllocEx VirtualFreeEx VirtualProtectEx VirtualQueryEx WinVerifyTrust WNetAddConnection2W WNetCancelConnection2 WriteProcessMemory WTSCloseServer WTSEnumerateSessionsEx WTSFreeMemory WTSFreeMemoryEx WTSOpenServerEx WTSQuerySessionInformation WTSQueryUserToken Get-ArpCache Get-Atom Get-DigitalSignature Get-LogonSession Get-SecurityPackage Get-System New-InjectedThread WinVerifyTrust-2

Dependencies

This module has no dependencies.

Version History

Version Downloads Last updated
1.1 (current version) 888 5/11/2018
1.0 312 6/18/2017