NtObjectManager.dll-Help.xml
<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh"> <!-- Cmdlet: Get-NtDirectory --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtDirectory</command:name> <command:verb>Get</command:verb> <command:noun>NtDirectory</command:noun> <maml:description> <maml:para>Open a NT object directory.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing NT object directory. It's possible to open a directory by its NT path, such as \Some\Path or it can also open a private namespace which isn't represented by an accessible NT path but instead uses a boundary descriptor.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtDirectory</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: Query, Traverse, CreateObject, CreateSubDirectory, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">DirectoryAccessRights</command:parameterValue> <dev:type> 
<maml:name>NtApiDotNet.DirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. 
Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: PrivateNamespaceDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PrivateNamespaceDescriptor</maml:name> <maml:description> <maml:para>A string format of a private namespace boundary descriptor. 
Uses the form [SID[:SID...]@]NAME where SID is an SDDL version of a SID to add to the boundary (such as S-X-X-X or WD) and NAME is the arbitrary name.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: PrivateNamespaceDescriptor --> <command:parameter required="false" 
globbing="false" pipelineInput="false" position="named"> <maml:name>PrivateNamespaceDescriptor</maml:name> <maml:description> <maml:para>A string format of a private namespace boundary descriptor. Uses the form [SID[:SID...]@]NAME where SID is an SDDL version of a SID to add to the boundary (such as S-X-X-X or WD) and NAME is the arbitrary name.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: Query, Traverse, CreateObject, CreateSubDirectory, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">DirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, 
Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> 
<maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtDirectory --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtDirectory</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtDirectory \BaseNamedObjects</dev:code> <dev:remarks> <maml:para>Get a directory object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtDirectory \BaseNamedObjects $obj = Get-NtDirectory ABC -Root $root</dev:code> <dev:remarks> <maml:para>Get a directory object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Get-NtDirectory -Path \BaseNamedObjects $obj.Query()</dev:code> <dev:remarks> <maml:para>Get a directory object and query its list of entries.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$obj = Get-NtDirectory -PrivateNamespaceDescriptor WD:LW@ABC</dev:code> <dev:remarks> <maml:para>Get a private namespace directory object with Everyone and Low Mandatory Level SIDs and name ABC.</maml:para> 
</dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://msdn.microsoft.com/en-us/library/windows/desktop/ms684318(v=vs.85).aspx</maml:linkText> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://msdn.microsoft.com/en-us/library/windows/desktop/ms682121(v=vs.85).aspx</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtDirectory --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtDirectory</command:name> <command:verb>New</command:verb> <command:noun>NtDirectory</command:noun> <maml:description> <maml:para>Create a new NT object directory by path.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new NT object directory. 
It's possible to create a directory by its NT path, such as \Some\Path or it can also create a new private namespace which isn't represented by an accessible NT path but instead uses a boundary descriptor.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtDirectory</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: Query, Traverse, CreateObject, CreateSubDirectory, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">DirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubDirectory</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: PrivateNamespaceDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PrivateNamespaceDescriptor</maml:name> <maml:description> <maml:para>A string format of a private namespace boundary descriptor. Uses the form [SID[:SID...]@]NAME where SID is an SDDL version of a SID to add to the boundary (such as S-X-X-X or WD) and NAME is the arbitrary name.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> 
<maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShadowDirectory --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShadowDirectory</maml:name> <maml:description> <maml:para>Specifies another NT directory object to use as a shadow directory. This changes the lookup operation so that if an entry isn't in the created directory it will try and look it up in the shadow instead.</maml:para> </maml:description> <command:parameterValue required="true">NtDirectory</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtDirectory</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: ShadowDirectory --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShadowDirectory</maml:name> <maml:description> <maml:para>Specifies another NT directory object to use as a shadow directory. This changes the lookup operation so that if an entry isn't in the created directory it will try and look it up in the shadow instead.</maml:para> </maml:description> <command:parameterValue required="true">NtDirectory</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtDirectory</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: PrivateNamespaceDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PrivateNamespaceDescriptor</maml:name> <maml:description> <maml:para>A string format of a private namespace boundary descriptor. 
Uses the form [SID[:SID...]@]NAME where SID is an SDDL version of a SID to add to the boundary (such as S-X-X-X or WD) and NAME is the arbitrary name.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: Query, Traverse, CreateObject, CreateSubDirectory, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">DirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue 
required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" 
pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtDirectory --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtDirectory</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtDirectory</dev:code> <dev:remarks> <maml:para>Create a new anonymous directory object.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = New-NtDirectory \BaseNamedObjects\ABC</dev:code> <dev:remarks> <maml:para>Create a new directory object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$root = Get-NtDirectory \BaseNamedObjects $obj = New-NtDirectory ABC -Root $root</dev:code> <dev:remarks> <maml:para>Create a new directory object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$shadow = Get-NtDirectory \SomeDir $obj = New-NtDirectory \BaseNamedObjects\ABC -ShadowDirectory $shadow</dev:code> <dev:remarks> <maml:para>Create a new directory object with a shadow directory.</maml:para> </dev:remarks> 
</command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$obj = New-NtDirectory -PrivateNamespaceDescriptor WD:LW@ABC</dev:code> <dev:remarks> <maml:para>Create a new private namespace directory object with Everyone and Low Mandatory Level SIDs and name ABC.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://msdn.microsoft.com/en-us/library/windows/desktop/ms682419%28v=vs.85%29.aspx</maml:linkText> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://msdn.microsoft.com/en-us/library/windows/desktop/ms682121(v=vs.85).aspx</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtEvent --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtEvent</command:name> <command:verb>Get</command:verb> <command:noun>NtEvent</command:noun> <maml:description> <maml:para>Open a NT event object by path.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing NT event object. The absolute path to the object in the NT object manager name space must be specified. 
It's also possible to open the object relative to an existing object by specifying the -Root parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtEvent</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">EventAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EventAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path 
to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">EventAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EventAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. 
Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtEvent --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtEvent</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtEvent \BaseNamedObjects\ABC</dev:code> <dev:remarks> <maml:para>Get an event object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtDirectory \BaseNamedObjects $obj = Get-NtEvent ABC -Root $root</dev:code> 
<dev:remarks> <maml:para>Get an event object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Get-NtEvent -Path \BaseNamedObjects\ABC $obj.Wait()</dev:code> <dev:remarks> <maml:para>Get an event object, wait for it to be set.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$obj = Get-NtEvent -Path \BaseNamedObjects\ABC $obj.Set()</dev:code> <dev:remarks> <maml:para>Get an event object, and set it.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtEvent --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtEvent</command:name> <command:verb>New</command:verb> <command:noun>NtEvent</command:noun> <maml:description> <maml:para>Create a new NT event object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new NT event object. The absolute path to the object in the NT object manager name space can be specified. It's also possible to create the object relative to an existing object by specifying the -Root parameter. 
If no path is specified then an unnamed object will be created which can only be duplicated by handle.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtEvent</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">EventAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EventAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: EventType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>EventType</maml:name> <maml:description> <maml:para>The type of event to create.</maml:para> <maml:para>Possible values: NotificationEvent, SynchronizationEvent</maml:para> </maml:description> <command:parameterValue required="true">EventType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EventType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>NotificationEvent</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">NotificationEvent</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronizationEvent</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: InitialState --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>InitialState</maml:name> <maml:description> <maml:para>The initial state of the event object.</maml:para> </maml:description> <command:parameterValue required="true">bool</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, 
CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> 
</command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: InitialState --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>InitialState</maml:name> <maml:description> <maml:para>The initial state of the event object.</maml:para> </maml:description> <command:parameterValue required="true">bool</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: EventType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>EventType</maml:name> <maml:description> <maml:para>The type of event to create.</maml:para> <maml:para>Possible values: NotificationEvent, SynchronizationEvent</maml:para> </maml:description> <command:parameterValue 
required="true">EventType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EventType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>NotificationEvent</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">NotificationEvent</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronizationEvent</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">EventAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EventAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> 
<maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set 
to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtEvent --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtEvent</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtEvent</dev:code> <dev:remarks> <maml:para>Create a new anonymous event object.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = New-NtEvent \BaseNamedObjects\ABC</dev:code> <dev:remarks> <maml:para>Create a new event object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$root = Get-NtDirectory \BaseNamedObjects $obj = New-NtEvent ABC -Root $root</dev:code> <dev:remarks> <maml:para>Create a new event object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$mutant = New-NtEvent -InitialState $true</dev:code> <dev:remarks> <maml:para>Create a new anonymous event object with it initially set.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$obj 
= New-NtEvent -Path \BaseNamedObjects\ABC $obj.Wait()</dev:code> <dev:remarks> <maml:para>Create a new event object, wait for it to be set.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>$obj = New-NtEvent -Path \BaseNamedObjects\ABC $obj.Set()</dev:code> <dev:remarks> <maml:para>Create a new event object, and set it.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtFile --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtFile</command:name> <command:verb>Get</command:verb> <command:noun>NtFile</command:noun> <maml:description> <maml:para>Open an existing NT file object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing NT file object. The absolute path to the object in the NT object manager name space can be specified. It's also possible to open the object relative to an existing object by specifying the -Root parameter. 
To simplify calling, it's also possible to specify the path in a Win32 format when using the -Win32Path parameter.</maml:para> <maml:para>Unless overridden, -Access defaults to MaximumAllowed and -ShareMode defaults to None. Specify both explicitly to request only the access rights that are needed and to avoid sharing violations for other openers of the file while the handle is held.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtFile</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. 
Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible 
values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>If specified the path is considered a Win32 style path and converted automatically before being used.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" 
position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>If specified the path is considered a Win32 style path and converted automatically before being used.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> 
<maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. 
Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtFile --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtFile \??\C:\Windows\Notepad.exe</dev:code> <dev:remarks> <maml:para>Open a file object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtFile \??\C:\Windows
$obj = Get-NtFile Notepad.exe -Root $root</dev:code> 
<dev:remarks> <maml:para>Open a file object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Get-NtFile c:\Windows\Notepad.exe -Win32Path</dev:code> <dev:remarks> <maml:para>Open a file object with an absolute Win32 path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$obj = Get-NtFile ..\..\..\Windows\Notepad.exe -Win32Path</dev:code> <dev:remarks> <maml:para>Open a file object with a relative Win32 path.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtFile --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtFile</command:name> <command:verb>New</command:verb> <command:noun>NtFile</command:noun> <maml:description> <maml:para>Create a new NT file object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new NT file object. The absolute path to the object in the NT object manager namespace can be specified. 
It's also possible to open the object relative to an existing object by specifying the -Root parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtFile</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Attributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Attributes</maml:name> <maml:description> <maml:para>Specify the file attributes for the new file.</maml:para> <maml:para>Possible values: None, ReadOnly, Hidden, System, Directory, Achive, Device, Normal, Temporary, SparseFile, RepasePoint, Compressed, Offline, NotContentIndexed, Encrypted, IntegrityStream, Virtual, 
NoScrubData, Ea</maml:para> </maml:description> <command:parameterValue required="true">FileAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAttributes</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Normal</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">Hidden</command:parameterValue> <command:parameterValue required="false" variableLength="false">System</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Achive</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">Normal</command:parameterValue> <command:parameterValue required="false" variableLength="false">Temporary</command:parameterValue> <command:parameterValue required="false" variableLength="false">SparseFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">RepasePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">Compressed</command:parameterValue> <command:parameterValue required="false" variableLength="false">Offline</command:parameterValue> <command:parameterValue required="false" variableLength="false">NotContentIndexed</command:parameterValue> <command:parameterValue required="false" variableLength="false">Encrypted</command:parameterValue> <command:parameterValue required="false" variableLength="false">IntegrityStream</command:parameterValue> <command:parameterValue required="false" variableLength="false">Virtual</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">NoScrubData</command:parameterValue> <command:parameterValue required="false" variableLength="false">Ea</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Disposition --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Disposition</maml:name> <maml:description> <maml:para>Specify the disposition for creating the file.</maml:para> <maml:para>Possible values: Supersede, Open, Create, OpenIf, Overwrite, OverwriteIf</maml:para> </maml:description> <command:parameterValue required="true">FileDisposition</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDisposition</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Create</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Supersede</command:parameterValue> <command:parameterValue required="false" variableLength="false">Open</command:parameterValue> <command:parameterValue required="false" variableLength="false">Create</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">Overwrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">OverwriteIf</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: EaBuffer --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>EaBuffer</maml:name> <maml:description> <maml:para>Specify an EA buffer to pass to the create file call.</maml:para> </maml:description> <command:parameterValue required="true">EaBuffer</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EaBuffer</maml:name> <maml:uri 
/> </dev:type> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" 
globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created 
object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> 
<maml:name>Win32Path</maml:name> <maml:description> <maml:para>If specified the path is considered a Win32 style path and converted automatically before being used.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Attributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Attributes</maml:name> <maml:description> <maml:para>Specify the file attributes for the new file.</maml:para> <maml:para>Possible values: None, ReadOnly, Hidden, System, Directory, Achive, Device, Normal, Temporary, SparseFile, RepasePoint, Compressed, Offline, NotContentIndexed, Encrypted, IntegrityStream, Virtual, NoScrubData, Ea</maml:para> </maml:description> <command:parameterValue required="true">FileAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAttributes</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Normal</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">Hidden</command:parameterValue> <command:parameterValue required="false" variableLength="false">System</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Achive</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Normal</command:parameterValue> <command:parameterValue required="false" variableLength="false">Temporary</command:parameterValue> <command:parameterValue required="false" variableLength="false">SparseFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">RepasePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">Compressed</command:parameterValue> <command:parameterValue required="false" variableLength="false">Offline</command:parameterValue> <command:parameterValue required="false" variableLength="false">NotContentIndexed</command:parameterValue> <command:parameterValue required="false" variableLength="false">Encrypted</command:parameterValue> <command:parameterValue required="false" variableLength="false">IntegrityStream</command:parameterValue> <command:parameterValue required="false" variableLength="false">Virtual</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoScrubData</command:parameterValue> <command:parameterValue required="false" variableLength="false">Ea</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Disposition --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Disposition</maml:name> <maml:description> <maml:para>Specify the disposition for creating the file.</maml:para> <maml:para>Possible values: Supersede, Open, Create, OpenIf, Overwrite, OverwriteIf</maml:para> </maml:description> <command:parameterValue required="true">FileDisposition</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDisposition</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Create</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Supersede</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Open</command:parameterValue> <command:parameterValue required="false" variableLength="false">Create</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">Overwrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">OverwriteIf</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: EaBuffer --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>EaBuffer</maml:name> <maml:description> <maml:para>Specify an EA buffer to pass to the create file call.</maml:para> </maml:description> <command:parameterValue required="true">EaBuffer</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EaBuffer</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" 
variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> 
<maml:para>If specified the path is considered a Win32 style path and converted automatically before being used.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> 
<maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue 
required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtFile --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtFile \??\C:\Windows\Temp\abc.txt</dev:code> <dev:remarks> <maml:para>Creates a new file object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = New-NtFile \??\C:\Windows\Temp\abc.txt -Attributes Hidden</dev:code> <dev:remarks> <maml:para>Creates a new file object with an absolute path, with the hidden attribute.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$root = Get-NtFile \??\C:\Windows
$obj = New-NtFile Temp\abc.txt -Root $root</dev:code> <dev:remarks> <maml:para>Creates a new file object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$obj = New-NtFile c:\Windows\Temp\abc.txt -Win32Path</dev:code> <dev:remarks> <maml:para>Creates a new file object with an absolute Win32 path.</maml:para> </dev:remarks> 
</command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$obj = New-NtFile \??\C:\Windows\Temp\abc.txt -Disposition CreateIf</dev:code> <dev:remarks> <maml:para>Creates a new file object with an absolute path. If the file already exists then open it rather than failing.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>$obj = New-NtFile \??\C:\Windows\Temp\abc.txt -Disposition Supersede</dev:code> <dev:remarks> <maml:para>Creates a new file object with an absolute path. If the file already exists then replace it with the new file.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 7 ----------</maml:title> <dev:code>$obj = New-NtFile \??\C:\Windows\Temp\abc.txt -Options SynchronousIoNonAlert -Access GenericRead,GenericWrite,Synchronize
$stm = $obj.ToStream($true)
$stm.WriteByte(1)</dev:code> <dev:remarks> <maml:para>Creates a new file object with an absolute path then writes data to it.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtHandle --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtHandle</command:name> <command:verb>Get</command:verb> <command:noun>NtHandle</command:noun> <maml:description> <maml:para>Get NT handle information.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet gets handle information for all processes on the system. 
You can specify a specific process by setting the -ProcessId parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtHandle</maml:name> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0" aliases="pid"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a process ID to filter handles on.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: NoQuery --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>NoQuery</maml:name> <maml:description> <maml:para>Specify that the returned handle entries should not be queried for additional information.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0" aliases="pid"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a process ID to filter handles on.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="0" aliases="pid"> <maml:name>pid</maml:name> <maml:description> <maml:para>Specify a process ID to filter handles on.</maml:para> 
<maml:para>This is an alias of the ProcessId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: NoQuery --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>NoQuery</maml:name> <maml:description> <maml:para>Specify that the returned handle entries should not be queried for additional information.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: NtHandle --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtHandle</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-NtHandle</dev:code> <dev:remarks> <maml:para>Get all NT handles.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-NtHandle 1234</dev:code> <dev:remarks> <maml:para>Get all NT handles filtered to a specific Process ID</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-NtHandle $pid</dev:code> <dev:remarks> <maml:para>Get all NT handles for the current process.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>Get-NtHandle 1234 -NoQuery</dev:code> <dev:remarks> <maml:para>Get all NT handles filtered to a specific Process ID but don't try and 
query information about the handle such as name.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Add-NtKey --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Add-NtKey</command:name> <command:verb>Add</command:verb> <command:noun>NtKey</command:noun> <maml:description> <maml:para>Loads a new registry hive.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet loads a registry hive to somewhere in the registry namespace. If the hive file doesn't exist it will be created. Unless the hive is loaded as an app hive (-LoadFlags AppKey), the caller needs SeRestorePrivilege enabled, as in Example 1.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Add-NtKey</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: KeyPath --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>KeyPath</maml:name> <maml:description> <maml:para>Specifies the path to where the hive should be loaded.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an 
object.</maml:para> <maml:para>Possible values: QueryValue, SetValue, CreateSubKey, EnumerateSubKeys, Notify, CreateLink, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">KeyAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateSubKeys</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notify</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: LoadFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>LoadFlags</maml:name> <maml:description> <maml:para>Specifies the flags for loading the hive.</maml:para> <maml:para>Possible values: None, AppKey, Exclusive, Unknown800, ReadOnly</maml:para> </maml:description> <command:parameterValue required="true">LoadKeyFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.LoadKeyFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unknown800</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadOnly</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue 
required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> 
<maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: KeyPath --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>KeyPath</maml:name> <maml:description> <maml:para>Specifies the path to where the hive should be loaded.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: LoadFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>LoadFlags</maml:name> <maml:description> <maml:para>Specifies the flags for loading the hive.</maml:para> <maml:para>Possible values: None, AppKey, Exclusive, Unknown800, ReadOnly</maml:para> </maml:description> <command:parameterValue required="true">LoadKeyFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.LoadKeyFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> 
<command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unknown800</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadOnly</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: QueryValue, SetValue, CreateSubKey, EnumerateSubKeys, Notify, CreateLink, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">KeyAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetValue</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">CreateSubKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateSubKeys</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notify</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" 
position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an 
explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtKey --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtKey</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$token = Get-NtTokenPrimary $token.SetPrivilege("SeRestorePrivilege", $true) $obj = Add-NtKey \??\C:\Windows\Temp\test.hiv \Registry\Machine\ABC</dev:code> <dev:remarks> <maml:para>Enable SeRestorePrivilege on the primary token, then load a hive to a new attachment point.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = Add-NtKey \??\C:\Windows\Temp\test.hiv \Registry\Machine\ABC -LoadFlags AppKey</dev:code> <dev:remarks> <maml:para>Load an app hive to a new attachment point (can be done without privileges).</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Add-NtKey \??\C:\Windows\Temp\test.hiv \Registry\Machine\ABC -LoadFlags AppKey,ReadOnly</dev:code> <dev:remarks> <maml:para>Load an app hive to a new attachment point read-only.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> 
</maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtKey --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtKey</command:name> <command:verb>Get</command:verb> <command:noun>NtKey</command:noun> <maml:description> <maml:para>Open a NT key object by path.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing NT key object. The absolute path to the object in the NT object manager name space must be specified. It's also possible to create the object relative to an existing object by specifying the -Root parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtKey</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: QueryValue, SetValue, CreateSubKey, EnumerateSubKeys, Notify, CreateLink, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">KeyAccessRights</command:parameterValue> <dev:type> 
<maml:name>NtApiDotNet.KeyAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateSubKeys</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notify</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> 
<maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- 
Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: QueryValue, SetValue, CreateSubKey, EnumerateSubKeys, Notify, CreateLink, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">KeyAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetValue</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">CreateSubKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateSubKeys</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notify</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" 
globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> 
<maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtKey --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtKey</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtKey \Registry\Machine\Software</dev:code> <dev:remarks> <maml:para>Get a key object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtKey \Registry\Machine $obj = Get-NtKey Software -Root $root</dev:code> <dev:remarks> <maml:para>Get a key object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Get-NtKey \Registry\Machine\Software $obj.QueryKeys()</dev:code> <dev:remarks> <maml:para>Get a key object, and enumerate its subkeys</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$obj = Get-NtKey \Registry\Machine\Software $obj.QueryValues()</dev:code> <dev:remarks> <maml:para>Get a key object, and enumerate its values</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> 
<maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtKey --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtKey</command:name> <command:verb>New</command:verb> <command:noun>NtKey</command:noun> <maml:description> <maml:para>Create a new NT key object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new NT key object. The absolute path to the object in the NT object manager name space must be specified. It's also possible to create the object relative to an existing object by specifying the -Root parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtKey</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: QueryValue, SetValue, CreateSubKey, EnumerateSubKeys, Notify, CreateLink, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue 
required="true">KeyAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateSubKeys</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notify</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" 
position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" 
variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> 
<maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: QueryValue, SetValue, CreateSubKey, EnumerateSubKeys, Notify, CreateLink, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">KeyAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryValue</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">SetValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateSubKeys</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notify</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> 
</command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" 
pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtKey --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtKey</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtKey \Registry\Machine\Software\ABC</dev:code> <dev:remarks> <maml:para>Create a new key object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = New-NtKey -Path \Registry\Machine\Software\ABC $obj.SetValue("ValueName", String, "DataValue")</dev:code> <dev:remarks> <maml:para>Create a new key object and set a string value.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtMutant --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtMutant</command:name> <command:verb>Get</command:verb> <command:noun>NtMutant</command:noun> 
<maml:description> <maml:para>Open a NT mutant object by path.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing NT mutant object (also known as a mutex). The absolute path to the object in the NT object manager name space must be specified. It's also possible to open the object relative to an existing object by specifying the -Root parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtMutant</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, QueryState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">MutantAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.MutantAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path 
to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, QueryState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">MutantAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.MutantAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. 
Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtMutant --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtMutant</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtMutant \BaseNamedObjects\ABC</dev:code> <dev:remarks> <maml:para>Get a mutant object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtDirectory \BaseNamedObjects $obj = Get-NtMutant ABC -Root $root</dev:code> 
<dev:remarks> <maml:para>Get a mutant object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Get-NtMutant -Path \BaseNamedObjects\ABC $obj.Wait() # Do something in lock... $obj.Release()</dev:code> <dev:remarks> <maml:para>Get a mutant object, acquire the lock via Wait and Release it.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtMutant --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtMutant</command:name> <command:verb>New</command:verb> <command:noun>NtMutant</command:noun> <maml:description> <maml:para>Create a new NT mutant object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new NT mutant object (also known as a mutex). The absolute path to the object in the NT object manager name space can be specified. It's also possible to create the object relative to an existing object by specifying the -Root parameter. 
If no path is specified then an unnamed object will be created which can only be duplicated by handle.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtMutant</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, QueryState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">MutantAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.MutantAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: InitialOwner --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>InitialOwner</maml:name> <maml:description> <maml:para>Specify to indicate the caller is the initial owner of the mutant.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of 
service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: InitialOwner --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>InitialOwner</maml:name> <maml:description> <maml:para>Specify to indicate the caller is the initial owner of the mutant.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, QueryState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">MutantAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.MutantAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object 
Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> 
<command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtMutant --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtMutant</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtMutant</dev:code> <dev:remarks> <maml:para>Create a new anonymous mutant object.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = New-NtMutant \BaseNamedObjects\ABC</dev:code> <dev:remarks> <maml:para>Create a new mutant object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$root = Get-NtDirectory \BaseNamedObjects $obj = New-NtMutant ABC -Root $root</dev:code> <dev:remarks> <maml:para>Create a new mutant object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$mutant = New-NtMutant -InitialOwner</dev:code> <dev:remarks> <maml:para>Create a new anonymous mutant object with the caller as the initial owner.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 
----------</maml:title> <dev:code>$obj = New-NtMutant
$obj.Wait()
# Do something in lock...
$obj.Release()</dev:code> <dev:remarks> <maml:para>Create a new anonymous mutant object, acquire the lock via Wait and Release it.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtObject --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtObject</command:name> <command:verb>Get</command:verb> <command:noun>NtObject</command:noun> <maml:description> <maml:para>Open an NT object by path.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an NT object by its path. 
The returned object will be a type specific to the actual underlying NT type.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtObject</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">GenericAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: TypeName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TypeName</maml:name> <maml:description> <maml:para>The type of object will try and be determined automatically, however in 
cases where this isn't possible the NT type name can be specified here. This needs to be a value such as Directory, SymbolicLink, Mutant etc.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: TypeName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TypeName</maml:name> <maml:description> <maml:para>The type of object will try and be determined automatically, however in cases where this isn't possible the NT type name can be specified here. This needs to be a value such as Directory, SymbolicLink, Mutant etc.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">GenericAccessRights</command:parameterValue> <dev:type> 
<maml:name>NtApiDotNet.GenericAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during 
Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue 
required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtObject --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtObject \BaseNamedObjects\ABC</dev:code> <dev:remarks> <maml:para>Get an existing object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = Get-NtObject \BaseNamedObjects -TypeName Directory</dev:code> <dev:remarks> <maml:para>Get an existing object with an explicit type.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$root = Get-NtObject \BaseNamedObjects
$obj = Get-NtObject ABC -Root $root</dev:code> <dev:remarks> <maml:para>Get an existing object with a relative path.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Use-NtObject --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" 
xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Use-NtObject</command:name> <command:verb>Use</command:verb> <command:noun>NtObject</command:noun> <maml:description> <maml:para>Use an NtObject (or list of NtObject) and automatically close the objects after use.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet allows you to scope the use of NtObject, similar to the using statement in C#. When the script block passed to this cmdlet goes out of scope the input object is automatically disposed of, ensuring any native resources are closed to prevent leaks.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Use-NtObject</maml:name> <!-- Parameter: InputObject --> <command:parameter required="true" globbing="false" pipelineInput="true (ByValue)" position="0"> <maml:name>InputObject</maml:name> <maml:description> <maml:para>Specify the input object to be disposed.</maml:para> </maml:description> <command:parameterValue required="true">object</command:parameterValue> <dev:type> <maml:name>System.Object</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Specify the script block to execute.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: InputObject --> <command:parameter required="true" globbing="false" pipelineInput="true (ByValue)" position="0"> <maml:name>InputObject</maml:name> <maml:description> 
<maml:para>Specify the input object to be disposed.</maml:para> </maml:description> <command:parameterValue required="true">object</command:parameterValue> <dev:type> <maml:name>System.Object</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Specify the script block to execute.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.Object</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>Specify the input object to be disposed.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$ps = Use-NtObject (Get-NtProcess) { param ($ps); $ps | Select-Object Name, CommandLine }</dev:code> <dev:remarks> <maml:para>Select Name and CommandLine from a list of processes and dispose of the list afterwards.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtProcess --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtProcess</command:name> <command:verb>Get</command:verb> <command:noun>NtProcess</command:noun> <maml:description> <maml:para>Get NT processes.</maml:para> 
</maml:description> </command:details> <maml:description> <maml:para>This cmdlet gets all accessible processes on the system. You can specify a specific process by setting the -ProcessId parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtProcess</maml:name> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0" aliases="pid"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a process ID to open.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for each process opened.</maml:para> <maml:para>Possible values: None, CreateProcess, CreateThread, DupHandle, QueryInformation, QueryLimitedInformation, SetInformation, SetQuota, SuspendResume, Terminate, VmOperation, VmRead, VmWrite, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">ProcessAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ProcessAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateProcess</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateThread</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">DupHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetQuota</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmOperation</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> 
</command:parameterValueGroup> </command:parameter> <!-- Parameter: CommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CommandLine</maml:name> <maml:description> <maml:para>Specify a sub-string in the command line to filter the list on. If Name is also specified this will just select processes with that name with this sub-string.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: FilterScript --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FilterScript</maml:name> <maml:description> <maml:para>Specify an arbitrary filter script.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Name --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specify an executable name to filter the list on.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0" aliases="pid"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a process ID to open.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> 
<command:parameter required="false" globbing="false" pipelineInput="false" position="0" aliases="pid"> <maml:name>pid</maml:name> <maml:description> <maml:para>Specify a process ID to open.</maml:para> <maml:para>This is an alias of the ProcessId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: Name --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specify an executable name to filter the list on.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CommandLine</maml:name> <maml:description> <maml:para>Specify a sub-string in the command line to filter the list on. 
If Name is also specified this will just select processes with that name with this sub-string.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: FilterScript --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FilterScript</maml:name> <maml:description> <maml:para>Specify an arbitrary filter script.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for each process opened.</maml:para> <maml:para>Possible values: None, CreateProcess, CreateThread, DupHandle, QueryInformation, QueryLimitedInformation, SetInformation, SetQuota, SuspendResume, Terminate, VmOperation, VmRead, VmWrite, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">ProcessAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ProcessAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateProcess</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateThread</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">DupHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetQuota</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmOperation</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> 
</command:parameterValueGroup> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: NtProcess --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtProcess</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$ps = Get-NtProcess</dev:code> <dev:remarks> <maml:para>Get all NT processes accessible by the current user.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$ps = Get-NtProcess -Access DupHandle</dev:code> <dev:remarks> <maml:para>Get all NT processes accessible by the current user for duplicate handle access.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$p = Get-NtProcess 1234</dev:code> <dev:remarks> <maml:para>Get a specific process</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$p = Get-NtProcess 1234 -Access QueryInformation $p.CommandLine</dev:code> <dev:remarks> <maml:para>Get a command line of a specific process.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$p = Get-NtProcess 1234 -Access QueryInformation $p.FullPath</dev:code> <dev:remarks> <maml:para>Get a native image path of a specific process.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>$p = Get-NtProcess $pid</dev:code> <dev:remarks> <maml:para>Get the current process.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 7 ----------</maml:title> <dev:code>$ps = Get-NtProcess -Name notepad.exe</dev:code> <dev:remarks> <maml:para>Get all 
processes with the name notepad.exe.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 8 ----------</maml:title> <dev:code>$ps = Get-NtProcess -CommandLine hello</dev:code> <dev:remarks> <maml:para>Get all processes where the command line contains the string "hello".</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 9 ----------</maml:title> <dev:code>$ps = Get-NtProcess -Name notepad.exe -CommandLine hello</dev:code> <dev:remarks> <maml:para>Get all processes with the name notepad.exe where the command line contains the string "hello".</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 10 ----------</maml:title> <dev:code>$ps = Get-NtProcess -FilterScript { param($p); $p.SessionId -eq 1 }</dev:code> <dev:remarks> <maml:para>Get all processes in session 1.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 11 ----------</maml:title> <dev:code>$ps = Get-NtProcess -FilterScript { param($p); $p.Mitigations.DisallowWin32kSystemCalls -eq $true }</dev:code> <dev:remarks> <maml:para>Get all processes with the Disallow Win32k System Calls mitigation policy.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtSecurityDescriptor --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtSecurityDescriptor</command:name> <command:verb>New</command:verb> <command:noun>NtSecurityDescriptor</command:noun> <maml:description> <maml:para>Create a new security descriptor which can be used on NT objects.</maml:para> 
</maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new instance of a SecurityDescriptor object. This can be used directly with one of the New-Nt* cmdlets (via the -SecurityDescriptor parameter) or by calling SetSecurityDescriptor on an existing object (assuming the object has been opened with the correct permissions).</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtSecurityDescriptor</maml:name> <!-- Parameter: NullDacl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>NullDacl</maml:name> <maml:description> <maml:para>Specify to create the security descriptor with a NULL DACL. A NULL DACL places no access restrictions on the object, so every caller is granted any access it requests.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Specify to create the security descriptor from an SDDL representation.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify to create the security descriptor from the default DACL of a token object.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> 
<command:parameters> <!-- Parameter: NullDacl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>NullDacl</maml:name> <maml:description> <maml:para>Specify to create the security descriptor with a NULL DACL. A NULL DACL places no access restrictions on the object, so every caller is granted any access it requests.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Specify to create the security descriptor from an SDDL representation.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify to create the security descriptor from the default DACL of a token object.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: SecurityDescriptor --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$sd = New-NtSecurityDescriptor</dev:code> <dev:remarks> <maml:para>Create a new security descriptor object.</maml:para> </dev:remarks> </command:example> <command:example> 
<maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$sd = New-NtSecurityDescriptor -Sddl "O:BAG:BAD:(A;;GA;;;WD)"</dev:code> <dev:remarks> <maml:para>Create a new security descriptor object from an SDDL string. The single ACE in this string allows GenericAll (GA) to Everyone (WD).</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$sd = New-NtSecurityDescriptor -NullDacl</dev:code> <dev:remarks> <maml:para>Create a new security descriptor object with a NULL DACL.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$sd = New-NtSecurityDescriptor -Sddl "D:(A;;GA;;;WD)" $obj = New-NtDirectory \BaseNamedObjects\ABC -SecurityDescriptor $sd</dev:code> <dev:remarks> <maml:para>Create a new object directory with an explicit security descriptor. The DACL shown allows GenericAll to Everyone (WD); use a narrower trustee and access mask when the directory should not be open to all callers.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-NtSemaphore --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtSemaphore</command:name> <command:verb>Get</command:verb> <command:noun>NtSemaphore</command:noun> <maml:description> <maml:para>Open a NT semaphore object by path.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing NT semaphore object (also known as a mutex). The absolute path to the object in the NT object manager name space must be specified. 
It's also possible to create the object relative to an existing object by specifying the -Root parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtSemaphore</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">SemaphoreAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SemaphoreAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path 
to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">SemaphoreAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SemaphoreAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. 
Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtSemaphore --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtSemaphore</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtSemaphore \BaseNamedObjects\ABC</dev:code> <dev:remarks> <maml:para>Get a semaphore object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtDirectory \BaseNamedObjects $obj = Get-NtSemaphore ABC -Root 
$root</dev:code> <dev:remarks> <maml:para>Get a semaphore object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Get-NtSemaphore -Path \BaseNamedObjects\ABC $obj.Wait() # Do something in lock... $obj.Release()</dev:code> <dev:remarks> <maml:para>Get a semaphore object, acquire the lock via Wait and Release it.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtSemaphore --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtSemaphore</command:name> <command:verb>New</command:verb> <command:noun>NtSemaphore</command:noun> <maml:description> <maml:para>Create a new NT semaphore object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new NT semaphore object. The absolute path to the object in the NT object manager name space can be specified. It's also possible to create the object relative to an existing object by specifying the -Root parameter. 
If no path is specified then an unnamed object will be created which can only be duplicated by handle.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtSemaphore</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">SemaphoreAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SemaphoreAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: InitialCount --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>InitialCount</maml:name> <maml:description> <maml:para>Specify the initial count of the semaphore.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: MaximumCount --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaximumCount</maml:name> <maml:description> <maml:para>Specify the maximum count of the semaphore.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>1</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> 
<command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue 
required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: InitialCount --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>InitialCount</maml:name> <maml:description> <maml:para>Specify the initial count of the semaphore.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: MaximumCount --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaximumCount</maml:name> <maml:description> <maml:para>Specify the maximum count of the semaphore.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>1</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible 
values: None, QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">SemaphoreAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SemaphoreAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object 
manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. 
Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtSemaphore --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtSemaphore</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtSemaphore</dev:code> <dev:remarks> <maml:para>Create a new anonymous semaphore object.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = New-NtSemaphore \BaseNamedObjects\ABC</dev:code> <dev:remarks> <maml:para>Create a new semaphore 
object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$root = Get-NtDirectory \BaseNamedObjects $obj = New-NtSemaphore ABC -Root $root</dev:code> <dev:remarks> <maml:para>Create a new semaphore object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$semaphore = New-NtSemaphore -MaximumCount 10</dev:code> <dev:remarks> <maml:para>Create a new anonymous semaphore object with a maximum count of 10.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$semaphore = New-NtSemaphore -InitialCount 1</dev:code> <dev:remarks> <maml:para>Create a new anonymous semaphore object with the initial count set to 1.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>$obj = New-NtSemaphore -InitialCount 1 $semaphore.Wait(10) # Do something with the semaphore... 
$obj.Release(1)</dev:code> <dev:remarks> <maml:para>Create a new anonymous semaphore object with an initial count of 1, decrement the semaphore via Wait with a 10 second wait and Release it.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtSymbolicLink --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtSymbolicLink</command:name> <command:verb>Get</command:verb> <command:noun>NtSymbolicLink</command:noun> <maml:description> <maml:para>Open an existing NT symbolic link object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing NT symbolic link object. The absolute path to the object in the NT object manager name space can be specified. 
It's also possible to open the object relative to an existing object by specifying the -Root parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtSymbolicLink</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: Query, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">SymbolicLinkAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SymbolicLinkAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path 
to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: Query, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">SymbolicLinkAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SymbolicLinkAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. 
Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtSymbolicLink \DosDevices\ABC</dev:code> <dev:remarks> <maml:para>Open a symbolic link object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtDirectory \DosDevices $obj = Get-NtSymbolicLink ABC -Root $root</dev:code> <dev:remarks> <maml:para>Open a symbolic link object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- 
EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Get-NtSymbolicLink \DosDevices\ABC $obj.Query()</dev:code> <dev:remarks> <maml:para>Open a symbolic link object and query its target.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtSymbolicLink --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtSymbolicLink</command:name> <command:verb>New</command:verb> <command:noun>NtSymbolicLink</command:noun> <maml:description> <maml:para>Create a new NT symbolic link object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new NT symbolic link object. The absolute path to the object in the NT object manager namespace can be specified. It's also possible to create the object relative to an existing object by specifying the -Root parameter. 
If no path is specified then an unnamed object will be created which can only be duplicated by handle.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtSymbolicLink</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: TargetPath --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>TargetPath</maml:name> <maml:description> <maml:para>Specify the target NT object manager path to follow if processing this symbolic link.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: Query, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">SymbolicLinkAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SymbolicLinkAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: TargetPath --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>TargetPath</maml:name> <maml:description> <maml:para>Specify the 
target NT object manager path to follow if processing this symbolic link.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: Query, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">SymbolicLinkAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SymbolicLinkAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: 
CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtSymbolicLink -TargetPath \Symlink\Target</dev:code> <dev:remarks> <maml:para>Create a new anonymous symbolic link object.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = 
New-NtSymbolicLink \DosDevices\ABC \Symlink\Target</dev:code> <dev:remarks> <maml:para>Create a new symbolic link object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$root = Get-NtDirectory \DosDevices $obj = New-NtSymbolicLink ABC \Symlink\Target -Root $root</dev:code> <dev:remarks> <maml:para>Create a new symbolic link object with a relative path.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtSymbolicLinkTarget --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtSymbolicLinkTarget</command:name> <command:verb>Get</command:verb> <command:noun>NtSymbolicLinkTarget</command:noun> <maml:description> <maml:para>Get the target path for an existing NT symbolic link object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing NT symbolic link object and queries its target path. 
That can be done using Get-NtSymbolicLink and the Query method but this simplifies the operation so that the object handle doesn't have to be closed.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtSymbolicLinkTarget</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path 
to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. 
Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-NtSymbolicLinkTarget \DosDevices\ABC</dev:code> <dev:remarks> <maml:para>Gets the symbolic link object target with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtDirectory \DosDevices Get-NtSymbolicLinkTarget ABC -Root $root</dev:code> <dev:remarks> <maml:para>Gets the symbolic link object target with a relative path.</maml:para> </dev:remarks> </command:example> </command:examples> 
<maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtThread --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtThread</command:name> <command:verb>Get</command:verb> <command:noun>NtThread</command:noun> <maml:description> <maml:para>Get NT threads.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet gets all accessible threads on the system. You can specify a specific thread by setting the -ThreadId parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtThread</maml:name> <!-- Parameter: ThreadId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0" aliases="tid"> <maml:name>ThreadId</maml:name> <maml:description> <maml:para>Specify a thread ID to open.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for each thread opened.</maml:para> <maml:para>Possible values: DirectImpersonation, GetContext, Impersonate, QueryInformation, QueryLimitedInformation, SetContext, SetInformation, SetLimitedInformation, SetThreadToken, SuspendResume, Terminate, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> 
<command:parameterValue required="true">ThreadAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ThreadAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">DirectImpersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">GetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetThreadToken</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: FilterScript --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FilterScript</maml:name> <maml:description> <maml:para>Specify an arbitrary filter script.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="pid"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a process ID to enumerate only its threads.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: ThreadId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0" aliases="tid"> <maml:name>ThreadId</maml:name> <maml:description> <maml:para>Specify a thread ID to open.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <command:parameter 
required="false" globbing="false" pipelineInput="false" position="0" aliases="tid"> <maml:name>tid</maml:name> <maml:description> <maml:para>Specify a thread ID to open.</maml:para> <maml:para>This is an alias of the ThreadId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="pid"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a process ID to enumerate only its threads.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="pid"> <maml:name>pid</maml:name> <maml:description> <maml:para>Specify a process ID to enumerate only its threads.</maml:para> <maml:para>This is an alias of the ProcessId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: FilterScript --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FilterScript</maml:name> <maml:description> <maml:para>Specify an arbitrary filter script.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" 
globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for each thread opened.</maml:para> <maml:para>Possible values: DirectImpersonation, GetContext, Impersonate, QueryInformation, QueryLimitedInformation, SetContext, SetInformation, SetLimitedInformation, SetThreadToken, SuspendResume, Terminate, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">ThreadAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ThreadAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">DirectImpersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">GetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetThreadToken</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: NtThread --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtThread</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$ts = Get-NtThread</dev:code> <dev:remarks> <maml:para>Get all NT threads accessible by the current user.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$ts = Get-NtThread -Access Impersonate</dev:code> <dev:remarks> <maml:para>Get all NT threads accessible by the current user for impersonate access.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$t = Get-NtThread 1234</dev:code> <dev:remarks> <maml:para>Get a specific thread.</maml:para> </dev:remarks> 
</command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$t = Get-NtThread -ProcessId 1234</dev:code> <dev:remarks> <maml:para>Get threads for a specific process.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$ts = Get-NtThread -FilterScript { param($t); Use-NtObject($k = $t.OpenToken()) { $k -ne $null } }</dev:code> <dev:remarks> <maml:para>Get threads which have impersonation tokens set.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtTokenEffective --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtTokenEffective</command:name> <command:verb>Get</command:verb> <command:noun>NtTokenEffective</command:noun> <maml:description> <maml:para>Open the effective NT token from a thread.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet gets the effective token from a thread. If the thread is not currently impersonating, the associated process primary token will be opened instead. 
You can specify a specific thread with the -Thread parameter; otherwise the current thread is used.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtTokenEffective</maml:name> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for the token.</maml:para> <maml:para>Possible values: AssignPrimary, Duplicate, Impersonate, Query, QuerySource, AdjustPrivileges, AdjustGroups, AdjustDefault, AdjustSessionId, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">TokenAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">AssignPrimary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Duplicate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">QuerySource</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustPrivileges</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustGroups</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustDefault</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustSessionId</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Duplicate --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Duplicate</maml:name> <maml:description> <maml:para>Return a duplicated version of the token. 
The type of token is specified using -TokenType and -ImpersonationLevel</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ImpersonationLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ImpersonationLevel</maml:name> <maml:description> <maml:para>Specify the impersonation level of the token to create if -Duplicate is specified and TokenType is Impersonation.</maml:para> <maml:para>Possible values: Anonymous, Identification, Impersonation, Delegation</maml:para> </maml:description> <command:parameterValue required="true">SecurityImpersonationLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityImpersonationLevel</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Anonymous</command:parameterValue> <command:parameterValue required="false" variableLength="false">Identification</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delegation</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: OpenAsSelf --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenAsSelf</maml:name> <maml:description> <maml:para>Specify the token should be open with the process identity rather than the impersonated identity.</maml:para> </maml:description> <command:parameterValue required="true">bool</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> 
<dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Thread --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Thread</maml:name> <maml:description> <maml:para>Specify the thread to open the token from. If not set will use the current thread.</maml:para> </maml:description> <command:parameterValue required="true">NtThread</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtThread</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: TokenType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TokenType</maml:name> <maml:description> <maml:para>Specify the type of token to create if -Duplicate is specified.</maml:para> <maml:para>Possible values: Primary, Impersonation</maml:para> </maml:description> <command:parameterValue required="true">TokenType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Primary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Thread --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Thread</maml:name> <maml:description> <maml:para>Specify the thread to open the token from. 
If not set will use the current thread.</maml:para> </maml:description> <command:parameterValue required="true">NtThread</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtThread</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: OpenAsSelf --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenAsSelf</maml:name> <maml:description> <maml:para>Specify the token should be open with the process identity rather than the impersonated identity.</maml:para> </maml:description> <command:parameterValue required="true">bool</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for the token.</maml:para> <maml:para>Possible values: AssignPrimary, Duplicate, Impersonate, Query, QuerySource, AdjustPrivileges, AdjustGroups, AdjustDefault, AdjustSessionId, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">TokenAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">AssignPrimary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Duplicate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">QuerySource</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustPrivileges</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustGroups</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustDefault</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustSessionId</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Duplicate --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Duplicate</maml:name> <maml:description> <maml:para>Return a duplicated version of the token. 
The type of token is specified using -TokenType and -ImpersonationLevel</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: TokenType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TokenType</maml:name> <maml:description> <maml:para>Specify the type of token to create if -Duplicate is specified.</maml:para> <maml:para>Possible values: Primary, Impersonation</maml:para> </maml:description> <command:parameterValue required="true">TokenType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Primary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ImpersonationLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ImpersonationLevel</maml:name> <maml:description> <maml:para>Specify the impersonation level of the token to create if -Duplicate is specified and TokenType is Impersonation.</maml:para> <maml:para>Possible values: Anonymous, Identification, Impersonation, Delegation</maml:para> </maml:description> <command:parameterValue required="true">SecurityImpersonationLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityImpersonationLevel</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Anonymous</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">Identification</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delegation</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtTokenEffective</dev:code> <dev:remarks> <maml:para>Get the current thread's primary token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = Get-NtTokenEffective -Access Duplicate</dev:code> <dev:remarks> <maml:para>Get the current thread's primary token for Duplicate access.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Get-NtTokenEffective -Duplicate -TokenType Primary</dev:code> <dev:remarks> <maml:para>Get the current thread's primary token and convert to a primary token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$obj = Get-NtTokenEffective -Access AdjustPrivileges $obj.SetPrivilege("SeDebugPrivilege", $true)</dev:code> <dev:remarks> <maml:para>Enable debug privilege on current token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$obj = Get-NtTokenEffective $obj.GetPrivileges()</dev:code> <dev:remarks> <maml:para>Query the privileges of a token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>$obj = Get-NtTokenEffective $obj.GetGroups()</dev:code> <dev:remarks> <maml:para>Query the groups of a 
token.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtTokenPrimary --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtTokenPrimary</command:name> <command:verb>Get</command:verb> <command:noun>NtTokenPrimary</command:noun> <maml:description> <maml:para>Open the primary NT token from a process.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet gets a primary token from a process. You can specify a specific process with the -Process parameter; otherwise the current process is used.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtTokenPrimary</maml:name> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for the token.</maml:para> <maml:para>Possible values: AssignPrimary, Duplicate, Impersonate, Query, QuerySource, AdjustPrivileges, AdjustGroups, AdjustDefault, AdjustSessionId, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">TokenAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">AssignPrimary</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">Duplicate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">QuerySource</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustPrivileges</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustGroups</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustDefault</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustSessionId</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Duplicate --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> 
<maml:name>Duplicate</maml:name> <maml:description> <maml:para>Return a duplicated version of the token. The type of token is specified using -TokenType and -ImpersonationLevel</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ImpersonationLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ImpersonationLevel</maml:name> <maml:description> <maml:para>Specify the impersonation level of the token to create if -Duplicate is specified and TokenType is Impersonation.</maml:para> <maml:para>Possible values: Anonymous, Identification, Impersonation, Delegation</maml:para> </maml:description> <command:parameterValue required="true">SecurityImpersonationLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityImpersonationLevel</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Anonymous</command:parameterValue> <command:parameterValue required="false" variableLength="false">Identification</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delegation</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify the process to open the token from. 
If not set will use the current process.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: TokenType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TokenType</maml:name> <maml:description> <maml:para>Specify the type of token to create if -Duplicate is specified.</maml:para> <maml:para>Possible values: Primary, Impersonation</maml:para> </maml:description> <command:parameterValue required="true">TokenType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Primary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify the process to open the token from. 
If not set will use the current process.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for the token.</maml:para> <maml:para>Possible values: AssignPrimary, Duplicate, Impersonate, Query, QuerySource, AdjustPrivileges, AdjustGroups, AdjustDefault, AdjustSessionId, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">TokenAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">AssignPrimary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Duplicate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">QuerySource</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustPrivileges</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustGroups</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustDefault</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustSessionId</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Duplicate --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Duplicate</maml:name> <maml:description> <maml:para>Return a duplicated version of the token. 
The type of token is specified using -TokenType and -ImpersonationLevel</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: TokenType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TokenType</maml:name> <maml:description> <maml:para>Specify the type of token to create if -Duplicate is specified.</maml:para> <maml:para>Possible values: Primary, Impersonation</maml:para> </maml:description> <command:parameterValue required="true">TokenType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Primary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ImpersonationLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ImpersonationLevel</maml:name> <maml:description> <maml:para>Specify the impersonation level of the token to create if -Duplicate is specified and TokenType is Impersonation.</maml:para> <maml:para>Possible values: Anonymous, Identification, Impersonation, Delegation</maml:para> </maml:description> <command:parameterValue required="true">SecurityImpersonationLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityImpersonationLevel</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Anonymous</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">Identification</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delegation</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtTokenPrimary</dev:code> <dev:remarks> <maml:para>Get current process' primary token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = Get-NtTokenPrimary -Access Duplicate</dev:code> <dev:remarks> <maml:para>Get current process' primary token for Duplicate access.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Get-NtTokenPrimary -Duplicate -TokenType Impersonation -ImpersonationLevel Impersonation</dev:code> <dev:remarks> <maml:para>Get current process' primary token and convert to an impersonation token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$obj = Get-NtTokenPrimary -Access AdjustPrivileges $obj.SetPrivilege("SeDebugPrivilege", $true)</dev:code> <dev:remarks> <maml:para>Enable debug privilege on current token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$obj = Get-NtTokenPrimary $obj.GetPrivileges()</dev:code> <dev:remarks> <maml:para>Query the privileges of a token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>$obj = Get-NtTokenPrimary $obj.GetGroups()</dev:code> <dev:remarks> 
<maml:para>Query the groups of a token.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtTokenThread --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtTokenThread</command:name> <command:verb>Get</command:verb> <command:noun>NtTokenThread</command:noun> <maml:description> <maml:para>Open impersonation NT token from a thread.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet gets an impersonation token from a thread. You can specify a specific thread using the -Thread parameter; otherwise the current thread is used.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtTokenThread</maml:name> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for the token.</maml:para> <maml:para>Possible values: AssignPrimary, Duplicate, Impersonate, Query, QuerySource, AdjustPrivileges, AdjustGroups, AdjustDefault, AdjustSessionId, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">TokenAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">AssignPrimary</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">Duplicate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">QuerySource</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustPrivileges</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustGroups</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustDefault</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustSessionId</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Duplicate --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> 
<maml:name>Duplicate</maml:name> <maml:description> <maml:para>Return a duplicated version of the token. The type of token is specified using -TokenType and -ImpersonationLevel.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ImpersonationLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ImpersonationLevel</maml:name> <maml:description> <maml:para>Specify the impersonation level of the token to create if -Duplicate is specified and TokenType is Impersonation.</maml:para> <maml:para>Possible values: Anonymous, Identification, Impersonation, Delegation</maml:para> </maml:description> <command:parameterValue required="true">SecurityImpersonationLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityImpersonationLevel</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Anonymous</command:parameterValue> <command:parameterValue required="false" variableLength="false">Identification</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delegation</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: OpenAsSelf --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenAsSelf</maml:name> <maml:description> <maml:para>Specify the token should be opened with the process identity rather than the impersonated identity.</maml:para> </maml:description> <command:parameterValue 
required="true">bool</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Thread --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Thread</maml:name> <maml:description> <maml:para>Specify the thread to open the token from. If not set will use the current thread.</maml:para> </maml:description> <command:parameterValue required="true">NtThread</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtThread</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: TokenType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TokenType</maml:name> <maml:description> <maml:para>Specify the type of token to create if -Duplicate is specified.</maml:para> <maml:para>Possible values: Primary, Impersonation</maml:para> </maml:description> <command:parameterValue required="true">TokenType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Primary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Thread --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Thread</maml:name> <maml:description> <maml:para>Specify the thread to open the token from. 
If not set will use the current thread.</maml:para> </maml:description> <command:parameterValue required="true">NtThread</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtThread</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: OpenAsSelf --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenAsSelf</maml:name> <maml:description> <maml:para>Specify the token should be opened with the process identity rather than the impersonated identity.</maml:para> </maml:description> <command:parameterValue required="true">bool</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for the token.</maml:para> <maml:para>Possible values: AssignPrimary, Duplicate, Impersonate, Query, QuerySource, AdjustPrivileges, AdjustGroups, AdjustDefault, AdjustSessionId, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">TokenAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">AssignPrimary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Duplicate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">QuerySource</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustPrivileges</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustGroups</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustDefault</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustSessionId</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Duplicate --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Duplicate</maml:name> <maml:description> <maml:para>Return a duplicated version of the token. 
The type of token is specified using -TokenType and -ImpersonationLevel</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: TokenType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TokenType</maml:name> <maml:description> <maml:para>Specify the type of token to create if -Duplicate is specified.</maml:para> <maml:para>Possible values: Primary, Impersonation</maml:para> </maml:description> <command:parameterValue required="true">TokenType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Primary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ImpersonationLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ImpersonationLevel</maml:name> <maml:description> <maml:para>Specify the impersonation level of the token to create if -Duplicate is specified and TokenType is Impersonation.</maml:para> <maml:para>Possible values: Anonymous, Identification, Impersonation, Delegation</maml:para> </maml:description> <command:parameterValue required="true">SecurityImpersonationLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityImpersonationLevel</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Anonymous</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">Identification</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delegation</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtTokenThread</dev:code> <dev:remarks> <maml:para>Get current thread's impersonation token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = Get-NtTokenThread -Access Duplicate</dev:code> <dev:remarks> <maml:para>Get current thread's impersonation token for Duplicate access.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Get-NtTokenThread -Duplicate -TokenType Primary</dev:code> <dev:remarks> <maml:para>Get current thread's impersonation token and convert it to a primary token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$obj = Get-NtTokenThread -Access AdjustPrivileges $obj.SetPrivilege("SeDebugPrivilege", $true)</dev:code> <dev:remarks> <maml:para>Enable debug privilege on current token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$obj = Get-NtTokenThread $obj.GetPrivileges()</dev:code> <dev:remarks> <maml:para>Query the privileges of a token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>$obj = Get-NtTokenThread $obj.GetGroups()</dev:code> <dev:remarks> <maml:para>Query the groups of a token.</maml:para> </dev:remarks> 
</command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtType --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtType</command:name> <command:verb>Get</command:verb> <command:noun>NtType</command:noun> <maml:description> <maml:para>Get NT type information.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet gets NT type information from the operating system. If run without parameters it'll retrieve all types. You can limit it to only one type using the -TypeName parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtType</maml:name> <!-- Parameter: TypeName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>TypeName</maml:name> <maml:description> <maml:para>Specify a specific NT type to retrieve.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: TypeName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>TypeName</maml:name> <maml:description> <maml:para>Specify a specific NT type to retrieve.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- 
OutputType: NtType --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-NtType</dev:code> <dev:remarks> <maml:para>Get all NT types.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-NtType | Where-Object SecurityRequired -eq $False</dev:code> <dev:remarks> <maml:para>Get all NT types which don't require security.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-NtType Directory</dev:code> <dev:remarks> <maml:para>Get the Directory NT type.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Start-NtWait --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Start-NtWait</command:name> <command:verb>Start</command:verb> <command:noun>NtWait</command:noun> <maml:description> <maml:para>Wait on one or more NT objects to become signalled.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet allows you to issue a wait on one or more NT objects until they become signalled. This is used for example to acquire a Mutant, decrement a Semaphore or wait for a Process to exit. The timeout value is a combination of all the allowed time parameters, e.g. if you specify 1 second and 1000 milliseconds it will actually wait 2 seconds in total. 
Specifying -Infinite overrides the time parameters and will wait indefinitely.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Start-NtWait</maml:name> <!-- Parameter: Objects --> <command:parameter required="true" globbing="false" pipelineInput="true (ByValue)" position="0"> <maml:name>Objects</maml:name> <maml:description> <maml:para>Specify a list of objects to wait on.</maml:para> </maml:description> <command:parameterValue required="true">NtObject[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Alertable --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Alertable</maml:name> <maml:description> <maml:para>Specify the wait should be alertable.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Hours --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="h"> <maml:name>Hours</maml:name> <maml:description> <maml:para>Specify a wait time in hours.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Infinite --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Infinite</maml:name> <maml:description> <maml:para>Specify an infinite wait time.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> 
<maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: MilliSeconds --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ms"> <maml:name>MilliSeconds</maml:name> <maml:description> <maml:para>Specify a wait time in milliseconds.</maml:para> </maml:description> <command:parameterValue required="true">long</command:parameterValue> <dev:type> <maml:name>System.Int64</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Minutes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="m"> <maml:name>Minutes</maml:name> <maml:description> <maml:para>Specify a wait time in minutes.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Seconds --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="s"> <maml:name>Seconds</maml:name> <maml:description> <maml:para>Specify a wait time in seconds.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: WaitAll --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>WaitAll</maml:name> <maml:description> <maml:para>Specify a multiple object wait should exit only when all objects become signalled.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> 
<maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Objects --> <command:parameter required="true" globbing="false" pipelineInput="true (ByValue)" position="0"> <maml:name>Objects</maml:name> <maml:description> <maml:para>Specify a list of objects to wait on.</maml:para> </maml:description> <command:parameterValue required="true">NtObject[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Seconds --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="s"> <maml:name>Seconds</maml:name> <maml:description> <maml:para>Specify a wait time in seconds.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="s"> <maml:name>s</maml:name> <maml:description> <maml:para>Specify a wait time in seconds.</maml:para> <maml:para>This is an alias of the Seconds parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: MilliSeconds --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ms"> <maml:name>MilliSeconds</maml:name> <maml:description> <maml:para>Specify a wait time in milliseconds.</maml:para> </maml:description> <command:parameterValue required="true">long</command:parameterValue> <dev:type> <maml:name>System.Int64</maml:name> 
<maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ms"> <maml:name>ms</maml:name> <maml:description> <maml:para>Specify a wait time in milliseconds.</maml:para> <maml:para>This is an alias of the MilliSeconds parameter.</maml:para> </maml:description> <command:parameterValue required="true">long</command:parameterValue> <dev:type> <maml:name>System.Int64</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Minutes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="m"> <maml:name>Minutes</maml:name> <maml:description> <maml:para>Specify a wait time in minutes.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="m"> <maml:name>m</maml:name> <maml:description> <maml:para>Specify a wait time in minutes.</maml:para> <maml:para>This is an alias of the Minutes parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Hours --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="h"> <maml:name>Hours</maml:name> <maml:description> <maml:para>Specify a wait time in hours.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> 
<command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="h"> <maml:name>h</maml:name> <maml:description> <maml:para>Specify a wait time in hours.</maml:para> <maml:para>This is an alias of the Hours parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Infinite --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Infinite</maml:name> <maml:description> <maml:para>Specify an infinite wait time.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Alertable --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Alertable</maml:name> <maml:description> <maml:para>Specify that the wait should be alertable. An alertable wait can also return when the thread is alerted, so check the returned NtStatus rather than assuming the object was signalled.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: WaitAll --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>WaitAll</maml:name> <maml:description> <maml:para>Specify that a multiple object wait should exit only when all objects become signalled.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> 
<dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject[]</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>Specify a list of objects to wait on.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtStatus --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtStatus</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$ev = Get-NtEvent \BaseNamedObjects
Start-NtWait $ev -Seconds 10</dev:code> <dev:remarks> <maml:para>Get an event and wait for 10 seconds for it to be signalled.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$ev = Get-NtEvent \BaseNamedObjects
$ev | Start-NtWait -Infinite</dev:code> <dev:remarks> <maml:para>Get an event and wait indefinitely for it to be signalled.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$ev = Get-NtEvent \BaseNamedObjects
$ev | Start-NtWait -Infinite -Alertable</dev:code> <dev:remarks> <maml:para>Get an event and wait indefinitely for it to be signalled or alerted.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$evs = @($ev1, $ev2)
Start-NtWait $evs -WaitAll -Seconds 100</dev:code> <dev:remarks> <maml:para>Get a list of events and wait 100 seconds for all events to be signalled.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> </helpItems>