NtObjectManager.dll-Help.xml
<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh"> <!-- Cmdlet: Get-AccessibleDevice --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-AccessibleDevice</command:name> <command:verb>Get</command:verb> <command:noun>AccessibleDevice</command:noun> <maml:description> <maml:para>Get a list of devices that can be opened by a specified token.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet checks a device and optionally tries to determine if one or more specified tokens can open it. If no tokens are specified the current process token is used.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-AccessibleDevice</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="true (ByValue)" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify a list of native paths to check. 
Can refer to object directories to search for device objects or explicit paths.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AccessRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights is specified, only part of the requested access rights needs to be granted for an access check to match.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CheckEaBuffer --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> 
<maml:name>CheckEaBuffer</maml:name> <maml:description> <maml:para>Check whether the device can be accessed with an EA buffer.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CheckMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckMode</maml:name> <maml:description> <maml:para>Check mode for device and/or namespace.</maml:para> <maml:para>Possible values: DeviceOnly, NamespaceOnly, DeviceAndNamespace</maml:para> </maml:description> <command:parameterValue required="true">DeviceCheckMode</command:parameterValue> <dev:type> <maml:name>NtObjectManager.DeviceCheckMode</maml:name> <maml:uri /> <maml:description> <maml:para>Mode for checking device object.</maml:para> </maml:description> </dev:type> <dev:defaultValue>DeviceOnly</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">DeviceOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NamespaceOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeviceAndNamespace</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: EaBuffer --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>EaBuffer</maml:name> <maml:description> <maml:para>If CheckEaBuffer enabled specify an explicit buffer instead of a default.</maml:para> </maml:description> <command:parameterValue required="true">EaBuffer</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EaBuffer</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MaxDepth --> <command:parameter required="false" 
globbing="false" pipelineInput="false" position="named"> <maml:name>MaxDepth</maml:name> <maml:description> <maml:para>When recursing specify maximum depth.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: NamespacePath --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>NamespacePath</maml:name> <maml:description> <maml:para>If check mode allows namespace paths specify a list of namespace paths to check for access to the device namespace instead of a default.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: OpenOptions --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenOptions</maml:name> <maml:description> <maml:para>Specify open options for access.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ProcessCommandLines --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on when finding the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Processes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessIds --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessNames --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessNames</maml:name> 
<maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Recurse --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Recurse</maml:name> <maml:description> <maml:para>Specify whether to recursively check the directories for devices.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Tokens --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list of token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="true (ByValue)" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify a list of native paths to check. 
Can refer to object directories to search for device objects or explicit paths.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Recurse --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Recurse</maml:name> <maml:description> <maml:para>Specify whether to recursively check the directories for devices.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: MaxDepth --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaxDepth</maml:name> <maml:description> <maml:para>When recursing specify maximum depth.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CheckMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckMode</maml:name> <maml:description> <maml:para>Check mode for device and/or namespace.</maml:para> <maml:para>Possible values: DeviceOnly, NamespaceOnly, DeviceAndNamespace</maml:para> </maml:description> <command:parameterValue required="true">DeviceCheckMode</command:parameterValue> <dev:type> <maml:name>NtObjectManager.DeviceCheckMode</maml:name> <maml:uri /> <maml:description> <maml:para>Mode for checking device object.</maml:para> </maml:description> </dev:type> <dev:defaultValue>DeviceOnly</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" 
variableLength="false">DeviceOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NamespaceOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeviceAndNamespace</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: NamespacePath --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>NamespacePath</maml:name> <maml:description> <maml:para>If check mode allows namespace paths specify a list of namespace paths to check for access to the device namespace instead of a default.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CheckEaBuffer --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckEaBuffer</maml:name> <maml:description> <maml:para>Check whether the device can be accessed with an EA buffer.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: EaBuffer --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>EaBuffer</maml:name> <maml:description> <maml:para>If CheckEaBuffer enabled specify an explicit buffer instead of a default.</maml:para> </maml:description> <command:parameterValue required="true">EaBuffer</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EaBuffer</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: OpenOptions --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> 
<maml:name>OpenOptions</maml:name> <maml:description> <maml:para>Specify open options for access.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AccessRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> 
<command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights is specified, only part of the requested access rights needs to be granted for an access check to match.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessIds --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessNames --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLines --> <command:parameter required="false" 
globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on when finding the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Tokens --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list of token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Processes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>Specify a list of native paths to check. 
Can refer to object directories to search for device objects or explicit paths.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: AccessCheckResult --> <command:returnValue> <dev:type> <maml:name>NtObjectManager.AccessCheckResult</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>General Access check result.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-AccessibleDevice \Device</dev:code> <dev:remarks> <maml:para>Check accessible devices under \Device for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-AccessibleDevice \Device -AccessRights GenericWrite</dev:code> <dev:remarks> <maml:para>Check write accessible devices under \Device for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-AccessibleDevice \Device -ProcessIds 1234,5678</dev:code> <dev:remarks> <maml:para>Check accessible devices under \Device for the process tokens of PIDs 1234 and 5678</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>Get-AccessibleDevice \Device -CheckMode DeviceAndNamespace</dev:code> <dev:remarks> <maml:para>Check accessible devices under \Device for the current process token including ones under a namespace.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>Get-AccessibleDevice \ -Recurse</dev:code> <dev:remarks> <maml:para>Check recursively for accessible devices under \ for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> 
<maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>Get-AccessibleDevice \ -Recurse -MaxDepth 5</dev:code> <dev:remarks> <maml:para>Check recursively for accessible devices under \ for the current process token to a maximum depth of 5.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 7 ----------</maml:title> <dev:code>Get-AccessibleDevice \Device\Afd,\Device\Blah</dev:code> <dev:remarks> <maml:para>Check two devices for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 8 ----------</maml:title> <dev:code>Get-AccessibleDevice \ -Recurse -AccessRights GenericWrite</dev:code> <dev:remarks> <maml:para>Check recursively for accessible devices under \ with write access.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 9 ----------</maml:title> <dev:code>Get-AccessibleDevice \ -Recurse -AccessRights GenericWrite -AllowPartialAccess</dev:code> <dev:remarks> <maml:para>Check recursively for accessible devices with partial write access.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 10 ----------</maml:title> <dev:code>$token = Get-NtToken -Primary -Duplicate -IntegrityLevel Low
Get-AccessibleDevice \Device -Recurse -Tokens $token -AccessRights GenericWrite</dev:code> <dev:remarks> <maml:para>Get all devices which can be written to in \Device by a low integrity copy of current token.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-AccessibleFile --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-AccessibleFile</command:name> <command:verb>Get</command:verb> 
<command:noun>AccessibleFile</command:noun> <maml:description> <maml:para>Get a list of files that can be opened by a specified token.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet checks a file or directory and tries to determine if one or more specified tokens can open them. If no tokens are specified the current process token is used.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: path --> <command:syntaxItem> <maml:name>Get-AccessibleFile</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify a list of native paths to check.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AccessRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter 
required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights is specified, only part of those access rights is required to match in an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CheckMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckMode</maml:name> <maml:description> <maml:para>Limit access check to specific types of files.</maml:para> <maml:para>Possible values: All, FilesOnly, DirectoriesOnly</maml:para> </maml:description> <command:parameterValue required="true">FileCheckMode</command:parameterValue> <dev:type> <maml:name>NtObjectManager.FileCheckMode</maml:name> <maml:uri /> <maml:description> <maml:para>Limit access check to specific types of files.</maml:para> </maml:description> </dev:type> <dev:defaultValue>All</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> <command:parameterValue required="false" variableLength="false">FilesOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoriesOnly</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: DirectoryAccessRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DirectoryAccessRights</maml:name> <maml:description> <maml:para>Specify the set of directory access rights that must, at a minimum, be granted on a directory for it to count as accessible.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, 
Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: FormatWin32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FormatWin32Path</maml:name> <maml:description> <maml:para>When generating the results, format the path in Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: MaxDepth --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaxDepth</maml:name> <maml:description> <maml:para>When recursing specify maximum depth.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLines --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on to find the process tokens.</maml:para> </maml:description> <command:parameterValue 
required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Processes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessIds --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessNames --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Recurse --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Recurse</maml:name> <maml:description> <maml:para>Specify whether to recursively check the path for access.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> 
</command:parameter> <!-- Parameter: Tokens --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list of token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify a list of paths in a Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: DirectoryAccessRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DirectoryAccessRights</maml:name> <maml:description> <maml:para>Specify the set of directory access rights that must, at a minimum, be granted on a directory for it to count as accessible.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> 
</command:parameterValueGroup> </command:parameter> <!-- Parameter: CheckMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckMode</maml:name> <maml:description> <maml:para>Limit access check to specific types of files.</maml:para> <maml:para>Possible values: All, FilesOnly, DirectoriesOnly</maml:para> </maml:description> <command:parameterValue required="true">FileCheckMode</command:parameterValue> <dev:type> <maml:name>NtObjectManager.FileCheckMode</maml:name> <maml:uri /> <maml:description> <maml:para>Limit access check to specific types of files.</maml:para> </maml:description> </dev:type> <dev:defaultValue>All</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> <command:parameterValue required="false" variableLength="false">FilesOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoriesOnly</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify a list of native paths to check.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify a list of paths in a Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: FormatWin32Path --> <command:parameter 
required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FormatWin32Path</maml:name> <maml:description> <maml:para>When generating the results, format the path in Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Recurse --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Recurse</maml:name> <maml:description> <maml:para>Specify whether to recursively check the path for access.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: MaxDepth --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaxDepth</maml:name> <maml:description> <maml:para>When recursing specify maximum depth.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AccessRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> 
<command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights is specified, only part of those access rights is required to match in an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessIds --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessNames --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLines --> <command:parameter required="false" 
globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on to find the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Tokens --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list of token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Processes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>Specify a list of native paths to check.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: AccessCheckResult --> <command:returnValue> <dev:type> <maml:name>NtObjectManager.AccessCheckResult</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>General Access check result.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-AccessibleFile 
\??\C:\Windows</dev:code> <dev:remarks> <maml:para>Check accessible file c:\Windows for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-AccessibleFile \??\C:\Windows -ProcessIds 1234,5678</dev:code> <dev:remarks> <maml:para>Check accessible file c:\Windows for the process tokens of PIDs 1234 and 5678.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-AccessibleFile \??\C:\Windows -Recurse</dev:code> <dev:remarks> <maml:para>Check recursively for accessible files under c:\Windows for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>Get-AccessibleFile -Win32Path C:\Windows -Recurse</dev:code> <dev:remarks> <maml:para>Check recursively for accessible files under c:\Windows for the current process token using a Win32 path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>Get-AccessibleFile -Win32Path C:\Windows -Recurse -MaxDepth 2</dev:code> <dev:remarks> <maml:para>Check recursively for accessible files under c:\Windows for the current process token using a Win32 path with a max depth of 2.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>$token = Get-NtToken -Primary -Duplicate -IntegrityLevel Low
Get-AccessibleFile \??\C:\Windows -Recurse -Tokens $token -AccessRights GenericWrite</dev:code> <dev:remarks> <maml:para>Get all files under \??\C:\Windows which can be written to by a low integrity copy of the current token.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-AccessibleKey --> <command:command 
xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-AccessibleKey</command:name> <command:verb>Get</command:verb> <command:noun>AccessibleKey</command:noun> <maml:description> <maml:para>Get a list of Registry Keys that can be opened by a specified token.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet checks a registry key and tries to determine if one or more specified tokens can open them. If no tokens are specified the current process token is used.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: path --> <command:syntaxItem> <maml:name>Get-AccessibleKey</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify a list of native paths to check.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AccessRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: QueryValue, SetValue, CreateSubKey, EnumerateSubKeys, Notify, CreateLink, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">KeyAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> 
<command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateSubKeys</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notify</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> 
<maml:para>If AccessRights is specified, only part of those access rights is required to match in an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: FormatWin32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FormatWin32Path</maml:name> <maml:description> <maml:para>When generating the results, format the path in Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: MaxDepth --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaxDepth</maml:name> <maml:description> <maml:para>When recursing specify maximum depth.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLines --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on to find the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Processes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Processes</maml:name> 
<maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessIds --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessNames --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Recurse --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Recurse</maml:name> <maml:description> <maml:para>Specify whether to recursively check the path for access.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Tokens --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list of token objects.</maml:para> </maml:description> <command:parameterValue 
required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify a list of paths in a Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify a list of native paths to check.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify a list of paths in a Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: FormatWin32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FormatWin32Path</maml:name> <maml:description> <maml:para>When generating the results format path in Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> 
<dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Recurse --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Recurse</maml:name> <maml:description> <maml:para>Specify whether to recursively check the path for access.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: MaxDepth --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaxDepth</maml:name> <maml:description> <maml:para>When recursing specify maximum depth.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AccessRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: QueryValue, SetValue, CreateSubKey, EnumerateSubKeys, Notify, CreateLink, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">KeyAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetValue</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">CreateSubKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateSubKeys</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notify</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> 
<maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessIds --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessNames --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLines --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Tokens --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Processes --> 
<command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>Specify a list of native paths to check.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: AccessCheckResult --> <command:returnValue> <dev:type> <maml:name>NtObjectManager.AccessCheckResult</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>General Access check result.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-AccessibleKey \Registry\Machine\Software</dev:code> <dev:remarks> <maml:para>Check accessible keys \Registry\Machine\Software for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-AccessibleKey \Registry\Machine\Software -ProcessIds 1234,5678</dev:code> <dev:remarks> <maml:para>Check accessible keys \Registry\Machine\Software for the process tokens of PIDs 1234 and 5678</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-AccessibleKey \Registry\Machine\Software -Recurse</dev:code> <dev:remarks> <maml:para>Check recursively for accessible keys \Registry\Machine\Software for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> 
<maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>Get-AccessibleKey \Registry\Machine\Software -Recurse -MaxDepth 5</dev:code> <dev:remarks> <maml:para>Check recursively for accessible keys \Registry\Machine\Software for the current process token to a maximum depth of 5.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>Get-AccessibleKey -Win32Path HKLM\Software -Recurse</dev:code> <dev:remarks> <maml:para>Check recursively for accessible keys under HKEY_LOCAL_MACHINE\Software for the current process token, specifying the path in Win32 format.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>$token = Get-NtToken -Primary -Duplicate -IntegrityLevel Low
Get-AccessibleKey -Win32Path HKCU -Recurse -Tokens $token -AccessRights GenericWrite</dev:code> <dev:remarks> <maml:para>Get all keys which can be written to in HKEY_CURRENT_USER by a low integrity copy of the current token.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-AccessibleNamedPipe --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-AccessibleNamedPipe</command:name> <command:verb>Get</command:verb> <command:noun>AccessibleNamedPipe</command:noun> <maml:description> <maml:para>Get a list of named pipes that can be opened by a specified token.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet checks for named pipes and tries to determine if one or more specified tokens can open them. 
If no tokens are specified the current process token is used.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-AccessibleNamedPipe</maml:name> <!-- Parameter: AccessRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: FormatWin32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FormatWin32Path</maml:name> 
<maml:description> <maml:para>When generating the results format path in Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenServer --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenServer</maml:name> <maml:description> <maml:para>Try and open the server end rather than the client end of the pipe.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessCommandLines --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Processes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessIds --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessIds</maml:name> 
<maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessNames --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Tokens --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list of token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: FormatWin32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FormatWin32Path</maml:name> <maml:description> <maml:para>When generating the results format path in Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenServer --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenServer</maml:name> <maml:description> <maml:para>Try and open the server end rather than the client end of 
the pipe.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AccessRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessIds --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> 
<maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessNames --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLines --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on when finding the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Tokens --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list of token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Processes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue 
required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: AccessCheckResult --> <command:returnValue> <dev:type> <maml:name>NtObjectManager.AccessCheckResult</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>General Access check result.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-AccessibleNamedPipe</dev:code> <dev:remarks> <maml:para>Check accessible named pipes for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-AccessibleNamedPipe -OpenServer</dev:code> <dev:remarks> <maml:para>Check for named pipe server end points which can be opened by the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-AccessibleNamedPipe -ProcessIds 1234,5678</dev:code> <dev:remarks> <maml:para>Check accessible named pipes for the process tokens of PIDs 1234 and 5678.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$token = Get-NtToken -Primary -Duplicate -IntegrityLevel Low
Get-AccessibleNamedPipe -Tokens $token -AccessRights GenericWrite</dev:code> <dev:remarks> <maml:para>Get all named pipes which can be written to by a low integrity copy of the current token.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-AccessibleObject --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" 
xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-AccessibleObject</command:name> <command:verb>Get</command:verb> <command:noun>AccessibleObject</command:noun> <maml:description> <maml:para>Get a list of NT objects that can be opened by a specified token.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet checks NT objects and optionally tries to determine if one or more specified tokens can open them. If no tokens are specified the current process token is used.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: handles --> <command:syntaxItem> <maml:name>Get-AccessibleObject</maml:name> <!-- Parameter: FromHandles --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>FromHandles</maml:name> <maml:description> <maml:para>Specify to find objects based on handles rather than enumerating named paths.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AccessRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, Access0, Access1, Access2, Access3, Access4, Access5, Access6, Access7, Access8, Access9, Access10, Access11, Access12, Access13, Access14, Access15, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, AccessSystemSecurity, MaximumAllowed, GenericAll, GenericExecute, GenericWrite, GenericRead</maml:para> </maml:description> <command:parameterValue required="true">GenericAccessRights</command:parameterValue> <dev:type> 
<maml:name>NtApiDotNet.GenericAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access0</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access1</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access2</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access3</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access4</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access5</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access6</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access7</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access8</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access9</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access10</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access11</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access12</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access13</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access14</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access15</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CheckUnnamed --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckUnnamed</maml:name> <maml:description> <maml:para>Specify when enumerating handles to also check unnamed objects.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> 
<dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: FormatWin32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FormatWin32Path</maml:name> <maml:description> <maml:para>When generating the results format path in Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessCommandLines --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Processes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessIds --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> 
<maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessNames --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Tokens --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: TypeFilter --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TypeFilter</maml:name> <maml:description> <maml:para>Specify list of NT object types to filter on.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: path --> <command:syntaxItem> <maml:name>Get-AccessibleObject</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify a list of native paths to check.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AccessRights --> <command:parameter required="false" 
globbing="false" pipelineInput="false" position="named"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, Access0, Access1, Access2, Access3, Access4, Access5, Access6, Access7, Access8, Access9, Access10, Access11, Access12, Access13, Access14, Access15, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, AccessSystemSecurity, MaximumAllowed, GenericAll, GenericExecute, GenericWrite, GenericRead</maml:para> </maml:description> <command:parameterValue required="true">GenericAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access0</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access1</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access2</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access3</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access4</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access5</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access6</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access7</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access8</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access9</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access10</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Access11</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access12</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access13</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access14</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access15</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue 
required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: FormatWin32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FormatWin32Path</maml:name> <maml:description> <maml:para>When generating the results format path in Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: MaxDepth --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaxDepth</maml:name> <maml:description> <maml:para>When recursing specify maximum depth.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLines --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Processes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue 
required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessIds --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessNames --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Recurse --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Recurse</maml:name> <maml:description> <maml:para>Specify whether to recursively check the path for access.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Tokens --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- 
Parameter: TypeFilter --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TypeFilter</maml:name> <maml:description> <maml:para>Specify list of NT object types to filter on.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify a list of paths in a Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: TypeFilter --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TypeFilter</maml:name> <maml:description> <maml:para>Specify list of NT object types to filter on.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: FromHandles --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>FromHandles</maml:name> <maml:description> <maml:para>Specify to find objects based on handles rather than enumerating named paths.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CheckUnnamed --> <command:parameter required="false" globbing="false" 
pipelineInput="false" position="named"> <maml:name>CheckUnnamed</maml:name> <maml:description> <maml:para>Specify when enumerating handles to also check unnamed objects.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>Specify a list of native paths to check.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Specify a list of paths in a Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: FormatWin32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FormatWin32Path</maml:name> <maml:description> <maml:para>When generating the results format path in Win32 format.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Recurse --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Recurse</maml:name> 
<maml:description> <maml:para>Specify whether to recursively check the path for access.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: MaxDepth --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaxDepth</maml:name> <maml:description> <maml:para>When recursing specify maximum depth.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AccessRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, Access0, Access1, Access2, Access3, Access4, Access5, Access6, Access7, Access8, Access9, Access10, Access11, Access12, Access13, Access14, Access15, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, AccessSystemSecurity, MaximumAllowed, GenericAll, GenericExecute, GenericWrite, GenericRead</maml:para> </maml:description> <command:parameterValue required="true">GenericAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access0</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access1</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Access2</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access3</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access4</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access5</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access6</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access7</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access8</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access9</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access10</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access11</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access12</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access13</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access14</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access15</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights is specified, treat an access check as a match when only part of the requested access rights is granted.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessIds --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessNames --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> 
</command:parameter> <!-- Parameter: ProcessCommandLines --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on when finding the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Tokens --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list of token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Processes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>Specify a list of native paths to check.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: AccessCheckResult --> <command:returnValue> <dev:type> <maml:name>NtObjectManager.AccessCheckResult</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>General access check result.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:examples> 
<command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-AccessibleObject \BaseNamedObjects</dev:code> <dev:remarks> <maml:para>Check accessible objects under \BaseNamedObjects for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-AccessibleObject \BaseNamedObjects -ProcessIds 1234,5678</dev:code> <dev:remarks> <maml:para>Check accessible objects under \BaseNamedObjects for the process tokens of PIDs 1234 and 5678.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-AccessibleObject \BaseNamedObjects -Recurse</dev:code> <dev:remarks> <maml:para>Check recursively for accessible objects under \BaseNamedObjects for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>Get-AccessibleObject \BaseNamedObjects -Recurse -MaxDepth 5</dev:code> <dev:remarks> <maml:para>Check recursively for accessible objects under \BaseNamedObjects for the current process token to a maximum depth of 5.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>Get-AccessibleObject -Win32Path \ -Recurse</dev:code> <dev:remarks> <maml:para>Check recursively for accessible objects under the user's base named objects for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>Get-AccessibleObject \ -Recurse -AccessRights GenericWrite</dev:code> <dev:remarks> <maml:para>Check recursively for accessible objects under \ with write access.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 7 ----------</maml:title> <dev:code>Get-AccessibleObject \ -Recurse -AccessRights 
GenericWrite -AllowPartialAccess</dev:code> <dev:remarks> <maml:para>Check recursively for accessible objects under \ with partial write access.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 8 ----------</maml:title> <dev:code>$token = Get-NtToken -Primary -Duplicate -IntegrityLevel Low
Get-AccessibleObject \BaseNamedObjects -Recurse -Tokens $token -AccessRights GenericWrite</dev:code> <dev:remarks> <maml:para>Get all objects which can be written to in \BaseNamedObjects by a low integrity copy of the current token.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-AccessibleProcess --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-AccessibleProcess</command:name> <command:verb>Get</command:verb> <command:noun>AccessibleProcess</command:noun> <maml:description> <maml:para>Get a list of processes and/or threads that can be opened by a specified token.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet checks all processes and threads and tries to determine if one or more specified tokens can open them. 
If no tokens are specified then the current process token is used.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-AccessibleProcess</maml:name> <!-- Parameter: AccessRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, CreateProcess, CreateThread, DupHandle, QueryInformation, QueryLimitedInformation, SetLimitedInformation, SetInformation, SetQuota, SuspendResume, Terminate, VmOperation, VmRead, VmWrite, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ProcessAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ProcessAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateProcess</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateThread</command:parameterValue> <command:parameterValue required="false" variableLength="false">DupHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">SetQuota</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmOperation</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the 
access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CheckMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckMode</maml:name> <maml:description> <maml:para>Specify what objects to check for.</maml:para> <maml:para>Possible values: ProcessOnly, ThreadOnly, ProcessAndThread</maml:para> </maml:description> <command:parameterValue required="true">ProcessCheckMode</command:parameterValue> <dev:type> <maml:name>NtObjectManager.ProcessCheckMode</maml:name> <maml:uri /> <maml:description> <maml:para>Specify what objects to query for.</maml:para> </maml:description> </dev:type> <dev:defaultValue>ProcessOnly</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ProcessOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">ThreadOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProcessAndThread</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ProcessCommandLines --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Processes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> 
<maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessIds --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessNames --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShowDeadProcesses --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShowDeadProcesses</maml:name> <maml:description> <maml:para>Specify that dead processes should be shown.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ThreadAccessRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ThreadAccessRights</maml:name> <maml:description> <maml:para>Specify specific access rights for 
threads.</maml:para> <maml:para>Possible values: Terminate, SuspendResume, Alert, GetContext, SetContext, SetInformation, QueryInformation, SetThreadToken, Impersonate, DirectImpersonation, SetLimitedInformation, QueryLimitedInformation, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ThreadAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ThreadAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Alert</command:parameterValue> <command:parameterValue required="false" variableLength="false">GetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetThreadToken</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectImpersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Tokens --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: CheckMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckMode</maml:name> <maml:description> <maml:para>Specify what objects to check for.</maml:para> <maml:para>Possible values: ProcessOnly, ThreadOnly, ProcessAndThread</maml:para> </maml:description> <command:parameterValue 
required="true">ProcessCheckMode</command:parameterValue> <dev:type> <maml:name>NtObjectManager.ProcessCheckMode</maml:name> <maml:uri /> <maml:description> <maml:para>Specify what objects to query for.</maml:para> </maml:description> </dev:type> <dev:defaultValue>ProcessOnly</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ProcessOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">ThreadOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProcessAndThread</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ThreadAccessRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ThreadAccessRights</maml:name> <maml:description> <maml:para>Specify specific access rights for threads.</maml:para> <maml:para>Possible values: Terminate, SuspendResume, Alert, GetContext, SetContext, SetInformation, QueryInformation, SetThreadToken, Impersonate, DirectImpersonation, SetLimitedInformation, QueryLimitedInformation, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ThreadAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ThreadAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Alert</command:parameterValue> <command:parameterValue required="false" variableLength="false">GetContext</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">SetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetThreadToken</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectImpersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> 
</command:parameter> <!-- Parameter: ShowDeadProcesses --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShowDeadProcesses</maml:name> <maml:description> <maml:para>Specify that dead processes should be shown.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AccessRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: None, CreateProcess, CreateThread, DupHandle, QueryInformation, QueryLimitedInformation, SetLimitedInformation, SetInformation, SetQuota, SuspendResume, Terminate, VmOperation, VmRead, VmWrite, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ProcessAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ProcessAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateProcess</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateThread</command:parameterValue> <command:parameterValue required="false" variableLength="false">DupHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetQuota</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmOperation</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> 
</command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessIds --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessNames --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLines --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> 
</dev:type> </command:parameter> <!-- Parameter: Tokens --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list of token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Processes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: ProcessAccessCheckResult --> <command:returnValue> <dev:type> <maml:name>NtObjectManager.ProcessAccessCheckResult</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>Access check result for a process.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-AccessibleProcess</dev:code> <dev:remarks> <maml:para>Check all accessible processes for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-AccessibleProcess -ProcessIds 1234,5678</dev:code> <dev:remarks> <maml:para>Check all accessible processes for the process tokens of PIDs 1234 and 5678.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$token = Get-NtToken -Primary -Duplicate -IntegrityLevel Low 
Get-AccessibleProcess -Tokens $token -AccessRights GenericWrite</dev:code> <dev:remarks> <maml:para>Get all processes which can be written by a low integrity copy of the current token.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-AccessibleService --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-AccessibleService</command:name> <command:verb>Get</command:verb> <command:noun>AccessibleService</command:noun> <maml:description> <maml:para>Get a list of services that can be opened by a specified token.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet checks all services and tries to determine if one or more specified tokens can open them. If no tokens are specified then the current process token is used.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-AccessibleService</maml:name> <!-- Parameter: Name --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specify names of services to check.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AccessRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: ChangeConfig, EnumerateDependents, Interrogate, PauseContinue, QueryConfig, QueryStatus, Start, Stop, UserDefinedControl, All, GenericRead, GenericWrite, 
GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ServiceAccessRights</command:parameterValue> <dev:type> <maml:name>SandboxAnalysisUtils.ServiceAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ChangeConfig</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateDependents</command:parameterValue> <command:parameterValue required="false" variableLength="false">Interrogate</command:parameterValue> <command:parameterValue required="false" variableLength="false">PauseContinue</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryConfig</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryStatus</command:parameterValue> <command:parameterValue required="false" variableLength="false">Start</command:parameterValue> <command:parameterValue required="false" variableLength="false">Stop</command:parameterValue> <command:parameterValue required="false" variableLength="false">UserDefinedControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CheckScmAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckScmAccess</maml:name> <maml:description> <maml:para>Check access to the SCM.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessCommandLines --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process 
tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Processes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessIds --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessNames --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Tokens --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> 
</command:syntax> <command:parameters> <!-- Parameter: Name --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specify names of services to check.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CheckScmAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CheckScmAccess</maml:name> <maml:description> <maml:para>Check access to the SCM.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AccessRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AccessRights</maml:name> <maml:description> <maml:para>Access rights to check for in an object's access.</maml:para> <maml:para>Possible values: ChangeConfig, EnumerateDependents, Interrogate, PauseContinue, QueryConfig, QueryStatus, Start, Stop, UserDefinedControl, All, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ServiceAccessRights</command:parameterValue> <dev:type> <maml:name>SandboxAnalysisUtils.ServiceAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ChangeConfig</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">EnumerateDependents</command:parameterValue> <command:parameterValue required="false" variableLength="false">Interrogate</command:parameterValue> <command:parameterValue required="false" variableLength="false">PauseContinue</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryConfig</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryStatus</command:parameterValue> <command:parameterValue required="false" variableLength="false">Start</command:parameterValue> <command:parameterValue required="false" variableLength="false">Stop</command:parameterValue> <command:parameterValue required="false" variableLength="false">UserDefinedControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> 
</command:parameterValueGroup> </command:parameter> <!-- Parameter: AllowPartialAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AllowPartialAccess</maml:name> <maml:description> <maml:para>If AccessRights specified require that only part of the access rights are required to match an access check.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessIds --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessIds</maml:name> <maml:description> <maml:para>Specify a list of process IDs to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">int[]</command:parameterValue> <dev:type> <maml:name>System.Int32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessNames --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessNames</maml:name> <maml:description> <maml:para>Specify a list of process names to open for their tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessCommandLines --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessCommandLines</maml:name> <maml:description> <maml:para>Specify a list of command lines to filter on find for the process tokens.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> 
</dev:type> </command:parameter> <!-- Parameter: Tokens --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Tokens</maml:name> <maml:description> <maml:para>Specify a list of token objects.</maml:para> </maml:description> <command:parameterValue required="true">NtToken[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Processes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Processes</maml:name> <maml:description> <maml:para>Specify a list of process objects to get tokens from.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: AccessCheckResult --> <command:returnValue> <dev:type> <maml:name>NtObjectManager.AccessCheckResult</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>General Access check result.</maml:para> </maml:description> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-AccessibleService</dev:code> <dev:remarks> <maml:para>Check all accessible services for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-AccessibleService -CheckScmAccess</dev:code> <dev:remarks> <maml:para>Check access to the SCM for the current process token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-AccessibleService -ProcessIds 1234,5678</dev:code> <dev:remarks> <maml:para>Check all accessible services for the 
process tokens of PIDs 1234 and 5678</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$token = Get-NtToken -Primary -Duplicate -IntegrityLevel Low
Get-AccessibleService -Tokens $token -AccessRights GenericWrite</dev:code> <dev:remarks> <maml:para>Get all services which can be written by a low integrity copy of the current token.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-NtAccessMask --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtAccessMask</command:name> <command:verb>Get</command:verb> <command:noun>NtAccessMask</command:noun> <maml:description> <maml:para>Convert a specific object access to an AccessMask or GenericAccess.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet allows you to convert a specific object access to an AccessMask or GenericAccess for use in general functions.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtAccessMask</maml:name> <!-- Parameter: AccessMask --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AccessMask</maml:name> <maml:description> <maml:para>Specify a raw access mask.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> <!-- Parameter: AlpcPortAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AlpcPortAccess</maml:name> <maml:description> <maml:para>Specify
ALPC Port access rights.</maml:para> <maml:para>Possible values: Connect, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">AlpcAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AlpcAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Connect</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: DebugObjectAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DebugObjectAccess</maml:name> <maml:description> <maml:para>Specify Debug Object access 
rights.</maml:para> <maml:para>Possible values: ReadEvent, ProcessAssign, SetInformation, QueryInformation, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DebugAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DebugAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ReadEvent</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProcessAssign</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: DirectoryAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DirectoryAccess</maml:name> <maml:description> <maml:para>Specify Directory access rights.</maml:para> <maml:para>Possible values: Query, Traverse, CreateObject, CreateSubDirectory, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: EventAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>EventAccess</maml:name> <maml:description> <maml:para>Specify Event access rights.</maml:para> <maml:para>Possible values: QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">EventAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EventAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: FileAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FileAccess</maml:name> <maml:description> <maml:para>Specify File access rights.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: FileDirectoryAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FileDirectoryAccess</maml:name> <maml:description> <maml:para>Specify File Directory access rights.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, 
Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: GenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericAccess</maml:name> <maml:description> <maml:para>Specify Generic access rights.</maml:para> <maml:para>Possible values: None, Access0, Access1, Access2, Access3, Access4, Access5, Access6, Access7, Access8, Access9, Access10, Access11, Access12, Access13, Access14, Access15, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, AccessSystemSecurity, MaximumAllowed, GenericAll, GenericExecute, GenericWrite, GenericRead</maml:para> </maml:description> <command:parameterValue required="true">GenericAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access0</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access1</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access2</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access3</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access4</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">Access5</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access6</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access7</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access8</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access9</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access10</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access11</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access12</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access13</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access14</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access15</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: IoCompletionAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>IoCompletionAccess</maml:name> <maml:description> <maml:para>Specify IO Completion access rights.</maml:para> <maml:para>Possible values: QueryState, SetCompletion, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">IoCompletionAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.IoCompletionAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: JobAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>JobAccess</maml:name> <maml:description> <maml:para>Specify Job access rights.</maml:para> <maml:para>Possible values: None, AssignProcess, SetAttributes, Query, Terminate, SetSecurityAttributes, Impersonate, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">JobAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.JobAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">AssignProcess</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetSecurityAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: KeyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>KeyAccess</maml:name> <maml:description> <maml:para>Specify Key access rights.</maml:para> <maml:para>Possible values: QueryValue, SetValue, CreateSubKey, EnumerateSubKeys, Notify, CreateLink, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">KeyAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryValue</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">SetValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateSubKeys</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notify</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ManadatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ManadatoryLabelPolicy</maml:name> <maml:description> <maml:para>Specify mandatory label policy.</maml:para> <maml:para>Possible values: NoWriteUp, NoReadUp, NoExecuteUp</maml:para> </maml:description> 
<command:parameterValue required="true">MandatoryLabelPolicy</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.MandatoryLabelPolicy</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">NoWriteUp</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoReadUp</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoExecuteUp</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> <maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: MutantAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MutantAccess</maml:name> <maml:description> <maml:para>Specify Mutant access rights.</maml:para> <maml:para>Possible values: None, QueryState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">MutantAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.MutantAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ProcessAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessAccess</maml:name> <maml:description> <maml:para>Specify Process access rights.</maml:para> <maml:para>Possible values: None, CreateProcess, CreateThread, DupHandle, QueryInformation, QueryLimitedInformation, SetLimitedInformation, SetInformation, SetQuota, SuspendResume, Terminate, VmOperation, VmRead, VmWrite, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ProcessAccessRights</command:parameterValue> <dev:type> 
<maml:name>NtApiDotNet.ProcessAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateProcess</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateThread</command:parameterValue> <command:parameterValue required="false" variableLength="false">DupHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetQuota</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmOperation</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: RegistryTransactionAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>RegistryTransactionAccess</maml:name> <maml:description> <maml:para>Specify Registry Transaction access rights.</maml:para> <maml:para>Possible values: QueryInformation, SetInformation, Enlist, Commit, Rollback, Propagate, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">RegistryTransactionAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.RegistryTransactionAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlist</command:parameterValue> <command:parameterValue required="false" variableLength="false">Commit</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">Rollback</command:parameterValue> <command:parameterValue required="false" variableLength="false">Propagate</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SectionAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SectionAccess</maml:name> <maml:description> <maml:para>Specify Section access rights.</maml:para> <maml:para>Possible values: Query, MapWrite, MapRead, MapExecute, ExtendSize, MapExecuteExplicit, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">SectionAccessRights</command:parameterValue> <dev:type> 
<maml:name>NtApiDotNet.SectionAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">ExtendSize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapExecuteExplicit</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SemaphoreAccess --> <command:parameter required="false" 
globbing="false" pipelineInput="false" position="named"> <maml:name>SemaphoreAccess</maml:name> <maml:description> <maml:para>Specify Semaphore access rights.</maml:para> <maml:para>Possible values: None, QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">SemaphoreAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SemaphoreAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SymbolicLinkAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SymbolicLinkAccess</maml:name> <maml:description> <maml:para>Specify Symbolic Link access rights.</maml:para> <maml:para>Possible values: Query, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">SymbolicLinkAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SymbolicLinkAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- 
Parameter: ThreadAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ThreadAccess</maml:name> <maml:description> <maml:para>Specify Thread access rights.</maml:para> <maml:para>Possible values: Terminate, SuspendResume, Alert, GetContext, SetContext, SetInformation, QueryInformation, SetThreadToken, Impersonate, DirectImpersonation, SetLimitedInformation, QueryLimitedInformation, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ThreadAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ThreadAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Alert</command:parameterValue> <command:parameterValue required="false" variableLength="false">GetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetThreadToken</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectImpersonation</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ToGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ToGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: TokenAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> 
<maml:name>TokenAccess</maml:name> <maml:description> <maml:para>Specify Token access rights.</maml:para> <maml:para>Possible values: AssignPrimary, Duplicate, Impersonate, Query, QuerySource, AdjustPrivileges, AdjustGroups, AdjustDefault, AdjustSessionId, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">TokenAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">AssignPrimary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Duplicate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">QuerySource</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustPrivileges</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustGroups</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustDefault</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustSessionId</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ToMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ToMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as ManadatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ToSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ToSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: AccessMask --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AccessMask</maml:name> <maml:description> 
<maml:para>Specify a raw access mask.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>00000000</dev:defaultValue> </command:parameter> <!-- Parameter: ToGenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ToGenericAccess</maml:name> <maml:description> <maml:para>Return access as GenericAccess.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ToMandatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ToMandatoryLabelPolicy</maml:name> <maml:description> <maml:para>Return access as MandatoryLabelPolicy.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ToSpecificAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ToSpecificAccess</maml:name> <maml:description> <maml:para>Return access as specific access type based on the NtType.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapGenericRights --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapGenericRights</maml:name> <maml:description> 
<maml:para>Specify that any generic rights should be mapped to type specific rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: FileAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FileAccess</maml:name> <maml:description> <maml:para>Specify File access rights.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: FileDirectoryAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FileDirectoryAccess</maml:name> <maml:description> <maml:para>Specify File Directory access rights.</maml:para> <maml:para>Possible values: None, ListDirectory, AddFile, AddSubDirectory, ReadEa, WriteEa, Traverse, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue 
required="true">FileDirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ListDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">AddSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: IoCompletionAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>IoCompletionAccess</maml:name> <maml:description> <maml:para>Specify IO Completion access rights.</maml:para> <maml:para>Possible values: QueryState, SetCompletion, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">IoCompletionAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.IoCompletionAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetCompletion</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: MutantAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MutantAccess</maml:name> <maml:description> <maml:para>Specify Mutant access rights.</maml:para> <maml:para>Possible values: None, QueryState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">MutantAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.MutantAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SemaphoreAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SemaphoreAccess</maml:name> <maml:description> <maml:para>Specify Semaphore access rights.</maml:para> <maml:para>Possible values: None, QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">SemaphoreAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SemaphoreAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: RegistryTransactionAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>RegistryTransactionAccess</maml:name> <maml:description> <maml:para>Specify Registry Transaction access rights.</maml:para> <maml:para>Possible values: QueryInformation, SetInformation, Enlist, Commit, Rollback, Propagate, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">RegistryTransactionAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.RegistryTransactionAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Enlist</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">Commit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Rollback</command:parameterValue> <command:parameterValue required="false" variableLength="false">Propagate</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: AlpcPortAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AlpcPortAccess</maml:name> <maml:description> <maml:para>Specify ALPC Port access rights.</maml:para> <maml:para>Possible values: Connect, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">AlpcAccessRights</command:parameterValue> <dev:type> 
<maml:name>NtApiDotNet.AlpcAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Connect</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SectionAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SectionAccess</maml:name> <maml:description> <maml:para>Specify Section access rights.</maml:para> <maml:para>Possible values: Query, MapWrite, MapRead, MapExecute, ExtendSize, MapExecuteExplicit, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue 
required="true">SectionAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SectionAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">ExtendSize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapExecuteExplicit</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- 
Parameter: KeyAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>KeyAccess</maml:name> <maml:description> <maml:para>Specify Key access rights.</maml:para> <maml:para>Possible values: QueryValue, SetValue, CreateSubKey, EnumerateSubKeys, Notify, CreateLink, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">KeyAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateSubKeys</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notify</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: EventAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>EventAccess</maml:name> <maml:description> <maml:para>Specify Event access rights.</maml:para> <maml:para>Possible values: QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">EventAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EventAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SymbolicLinkAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SymbolicLinkAccess</maml:name> <maml:description> <maml:para>Specify Symbolic Link access rights.</maml:para> <maml:para>Possible values: Query, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">SymbolicLinkAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SymbolicLinkAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: TokenAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TokenAccess</maml:name> <maml:description> <maml:para>Specify Token access rights.</maml:para> <maml:para>Possible values: AssignPrimary, Duplicate, Impersonate, Query, QuerySource, AdjustPrivileges, AdjustGroups, AdjustDefault, AdjustSessionId, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">TokenAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">AssignPrimary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Duplicate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">QuerySource</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustPrivileges</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">AdjustGroups</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustDefault</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustSessionId</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: GenericAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>GenericAccess</maml:name> <maml:description> <maml:para>Specify Generic access rights.</maml:para> <maml:para>Possible values: None, Access0, Access1, Access2, Access3, Access4, Access5, Access6, Access7, Access8, Access9, Access10, Access11, Access12, Access13, Access14, Access15, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, AccessSystemSecurity, MaximumAllowed, GenericAll, GenericExecute, GenericWrite, 
GenericRead</maml:para> </maml:description> <command:parameterValue required="true">GenericAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access0</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access1</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access2</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access3</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access4</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access5</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access6</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access7</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access8</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access9</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access10</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access11</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access12</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access13</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access14</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access15</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: DirectoryAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DirectoryAccess</maml:name> <maml:description> <maml:para>Specify Directory access rights.</maml:para> <maml:para>Possible values: Query, Traverse, CreateObject, CreateSubDirectory, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ThreadAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ThreadAccess</maml:name> <maml:description> <maml:para>Specify Thread access rights.</maml:para> <maml:para>Possible values: Terminate, SuspendResume, Alert, GetContext, SetContext, SetInformation, QueryInformation, SetThreadToken, Impersonate, DirectImpersonation, SetLimitedInformation, QueryLimitedInformation, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, 
WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ThreadAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ThreadAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Alert</command:parameterValue> <command:parameterValue required="false" variableLength="false">GetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetThreadToken</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectImpersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: DebugObjectAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DebugObjectAccess</maml:name> <maml:description> <maml:para>Specify Debug Object access rights.</maml:para> <maml:para>Possible values: ReadEvent, ProcessAssign, SetInformation, QueryInformation, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DebugAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DebugAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ReadEvent</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProcessAssign</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: JobAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>JobAccess</maml:name> <maml:description> <maml:para>Specify Job access rights.</maml:para> <maml:para>Possible values: None, AssignProcess, SetAttributes, Query, Terminate, SetSecurityAttributes, Impersonate, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">JobAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.JobAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">AssignProcess</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetSecurityAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ProcessAccess --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ProcessAccess</maml:name> <maml:description> <maml:para>Specify Process access 
rights.</maml:para> <maml:para>Possible values: None, CreateProcess, CreateThread, DupHandle, QueryInformation, QueryLimitedInformation, SetLimitedInformation, SetInformation, SetQuota, SuspendResume, Terminate, VmOperation, VmRead, VmWrite, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ProcessAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ProcessAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateProcess</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateThread</command:parameterValue> <command:parameterValue required="false" variableLength="false">DupHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetQuota</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmOperation</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmRead</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">VmWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ManadatoryLabelPolicy --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ManadatoryLabelPolicy</maml:name> <maml:description> <maml:para>Specify mandatory label policy.</maml:para> <maml:para>Possible values: NoWriteUp, NoReadUp, NoExecuteUp</maml:para> </maml:description> <command:parameterValue required="true">MandatoryLabelPolicy</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.MandatoryLabelPolicy</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">NoWriteUp</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">NoReadUp</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoExecuteUp</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-NtAccessMask -Process DupHandle</dev:code> <dev:remarks> <maml:para>Get the Process DupHandle access right as an AccessMask</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-NtAccessMask -Process DupHandle -ToGenericAccess</dev:code> <dev:remarks> <maml:para>Get the Process DupHandle access right as a GenericAccess value</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-NtDirectory --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtDirectory</command:name> <command:verb>Get</command:verb> <command:noun>NtDirectory</command:noun> <maml:description> <maml:para>Open a NT object directory.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing NT object directory. 
It's possible to open a directory by its NT path, such as \Some\Path or it can also open a private namespace which isn't represented by an accessible NT path but instead uses a boundary descriptor.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtDirectory</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: Query, Traverse, CreateObject, CreateSubDirectory, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubDirectory</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. 
Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: PrivateNamespaceDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PrivateNamespaceDescriptor</maml:name> <maml:description> <maml:para>A string format of a private namespace boundary descriptor. Uses the form [SID[:SID...]@]NAME where SID is an SDDL version of a SID to add to the boundary (such as S-X-X-X or WD) and NAME is the arbitrary name.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: PrivateNamespaceDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PrivateNamespaceDescriptor</maml:name> <maml:description> <maml:para>A string format of a private namespace boundary descriptor. Uses the form [SID[:SID...]@]NAME where SID is an SDDL version of a SID to add to the boundary (such as S-X-X-X or WD) and NAME is the arbitrary name.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: Query, Traverse, CreateObject, CreateSubDirectory, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> 
<maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtDirectory --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtDirectory</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtDirectory \BaseNamedObjects</dev:code> <dev:remarks> <maml:para>Get a directory object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtDirectory \BaseNamedObjects $obj = Get-NtDirectory ABC -Root $root</dev:code> <dev:remarks> <maml:para>Get a directory object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Get-NtDirectory -Path \BaseNamedObjects $obj.Query()</dev:code> <dev:remarks> <maml:para>Get a directory object and query its list of entries.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$obj = Get-NtDirectory -PrivateNamespaceDescriptor WD:LW@ABC</dev:code> <dev:remarks> <maml:para>Get a private namespace directory object with Everyone and Low Mandatory Level SIDs and name ABC.</maml:para> 
</dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://msdn.microsoft.com/en-us/library/windows/desktop/ms684318(v=vs.85).aspx</maml:linkText> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://msdn.microsoft.com/en-us/library/windows/desktop/ms682121(v=vs.85).aspx</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtDirectory --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtDirectory</command:name> <command:verb>New</command:verb> <command:noun>NtDirectory</command:noun> <maml:description> <maml:para>Create a new NT object directory by path.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new NT object directory. 
It's possible to create a directory by its NT path, such as \Some\Path or it can also create a new private namespace which isn't represented by an accessible NT path but instead uses a boundary descriptor.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtDirectory</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: Query, Traverse, CreateObject, CreateSubDirectory, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubDirectory</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. 
Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: PrivateNamespaceDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PrivateNamespaceDescriptor</maml:name> <maml:description> <maml:para>A string format of a private namespace boundary descriptor. Uses the form [SID[:SID...]@]NAME where SID is an SDDL version of a SID to add to the boundary (such as S-X-X-X or WD) and NAME is the arbitrary name.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overriddes SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShadowDirectory --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShadowDirectory</maml:name> <maml:description> <maml:para>Specifies another NT directory object to use as a shadown directory. 
This changes the lookup operation so that if an entry isn't in the created directory it will try to look it up in the shadow directory instead.</maml:para> </maml:description> <command:parameterValue required="true">NtDirectory</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtDirectory</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: ShadowDirectory --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShadowDirectory</maml:name> <maml:description> <maml:para>Specifies another NT directory object to use as a shadow directory. This changes the lookup operation so that if an entry isn't in the created directory it will try to look it up in the shadow directory instead.</maml:para> </maml:description> <command:parameterValue required="true">NtDirectory</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtDirectory</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: PrivateNamespaceDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PrivateNamespaceDescriptor</maml:name> <maml:description> <maml:para>A string format of a private namespace boundary descriptor. 
Uses the form [SID[:SID...]@]NAME where SID is an SDDL version of a SID to add to the boundary (such as S-X-X-X or WD) and NAME is the arbitrary name.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: Query, Traverse, CreateObject, CreateSubDirectory, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">DirectoryAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.DirectoryAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Traverse</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateObject</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubDirectory</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtDirectory --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtDirectory</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtDirectory</dev:code> <dev:remarks> <maml:para>Create a new anonymous directory object.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = New-NtDirectory \BaseNamedObjects\ABC</dev:code> <dev:remarks> <maml:para>Create a new directory object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$root = Get-NtDirectory \BaseNamedObjects $obj = New-NtDirectory ABC -Root $root</dev:code> <dev:remarks> <maml:para>Create a new directory object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$shadow = Get-NtDirectory \SomeDir $obj = New-NtDirectory \BaseNamedObjects\ABC -ShadowDirectory $shadow</dev:code> <dev:remarks> <maml:para>Create a new directory object with a shadow directory.</maml:para> </dev:remarks> 
</command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$obj = New-NtDirectory -PrivateNamespaceDescriptor WD:LW@ABC</dev:code> <dev:remarks> <maml:para>Create a new private namespace directory object with Everyone and Low Mandatory Level SIDs and name ABC.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://msdn.microsoft.com/en-us/library/windows/desktop/ms682419%28v=vs.85%29.aspx</maml:linkText> </maml:navigationLink> <maml:navigationLink> <maml:linkText>https://msdn.microsoft.com/en-us/library/windows/desktop/ms682121(v=vs.85).aspx</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtEvent --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtEvent</command:name> <command:verb>Get</command:verb> <command:noun>NtEvent</command:noun> <maml:description> <maml:para>Open a NT event object by path.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing NT event object. The absolute path to the object in the NT object manager name space must be specified. 
It's also possible to open the object relative to an existing object by specifying the -Root parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtEvent</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">EventAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EventAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening 
files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">EventAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EventAccessRights</maml:name> <maml:uri /> </dev:type> 
<dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" 
pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtEvent --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtEvent</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtEvent \BaseNamedObjects\ABC</dev:code> <dev:remarks> <maml:para>Get an event object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtDirectory \BaseNamedObjects $obj = Get-NtEvent ABC -Root $root</dev:code> <dev:remarks> <maml:para>Get an event object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Get-NtEvent -Path \BaseNamedObjects\ABC $obj.Wait()</dev:code> <dev:remarks> <maml:para>Get an event object, wait for it to be set.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$obj = Get-NtEvent -Path \BaseNamedObjects\ABC $obj.Set()</dev:code> <dev:remarks> <maml:para>Get an event object, and set it.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> 
<maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtEvent --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtEvent</command:name> <command:verb>New</command:verb> <command:noun>NtEvent</command:noun> <maml:description> <maml:para>Create a new NT event object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new NT event object. The absolute path to the object in the NT object manager name space can be specified. It's also possible to create the object relative to an existing object by specifying the -Root parameter. If no path is specified then an unnamed object will be created which can only be duplicated by handle.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtEvent</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, 
AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">EventAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EventAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. 
Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: EventType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>EventType</maml:name> <maml:description> <maml:para>The type of event to create.</maml:para> <maml:para>Possible values: NotificationEvent, SynchronizationEvent</maml:para> </maml:description> <command:parameterValue required="true">EventType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EventType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>NotificationEvent</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">NotificationEvent</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronizationEvent</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: InitialState --> <command:parameter required="false" globbing="false" pipelineInput="false" 
position="named"> <maml:name>InitialState</maml:name> <maml:description> <maml:para>The initial state of the event object.</maml:para> </maml:description> <command:parameterValue required="true">bool</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when 
opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: InitialState --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>InitialState</maml:name> <maml:description> <maml:para>The initial state of the event object.</maml:para> </maml:description> <command:parameterValue required="true">bool</command:parameterValue> <dev:type> <maml:name>System.Boolean</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: EventType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>EventType</maml:name> <maml:description> <maml:para>The type of event to create.</maml:para> <maml:para>Possible values: NotificationEvent, SynchronizationEvent</maml:para> </maml:description> <command:parameterValue required="true">EventType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EventType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>NotificationEvent</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" 
variableLength="false">NotificationEvent</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronizationEvent</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">EventAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EventAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtEvent --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtEvent</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtEvent</dev:code> <dev:remarks> <maml:para>Create a new anonymous event object.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = New-NtEvent \BaseNamedObjects\ABC</dev:code> <dev:remarks> <maml:para>Create a new event object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$root = Get-NtDirectory \BaseNamedObjects $obj = New-NtEvent ABC -Root $root</dev:code> <dev:remarks> <maml:para>Create a new event object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$mutant = New-NtEvent -InitialState $true</dev:code> <dev:remarks> <maml:para>Create a new anonymous event object with it initially set.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$obj 
= New-NtEvent -Path \BaseNamedObjects\ABC $obj.Wait()</dev:code> <dev:remarks> <maml:para>Create a new event object, wait for it to be set.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>$obj = New-NtEvent -Path \BaseNamedObjects\ABC $obj.Set()</dev:code> <dev:remarks> <maml:para>Create a new event object, and set it.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtFile --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtFile</command:name> <command:verb>Get</command:verb> <command:noun>NtFile</command:noun> <maml:description> <maml:para>Open an existing NT file object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing NT file object. The absolute path to the object in the NT object manager name space can be specified. It's also possible to open the object relative to an existing object by specifying the -Root parameter. 
To simplify calling, it's also possible to specify the path in a Win32 format when using the -Win32Path parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtFile</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. 
Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to the BaseNamedObjects (BNO) directory; for files it means a DOS-style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> 
<command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to the BaseNamedObjects (BNO) directory; for files it means a DOS-style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtFile --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtFile \??\C:\Windows\Notepad.exe</dev:code> <dev:remarks> <maml:para>Open a file object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtFile \??\C:\Windows
$obj = Get-NtFile Notepad.exe -Root $root</dev:code> <dev:remarks> <maml:para>Open a file object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Get-NtFile c:\Windows\Notepad.exe -Win32Path</dev:code> <dev:remarks> <maml:para>Open a file object with an absolute win32 path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$obj = Get-NtFile ..\..\..\Windows\Notepad.exe -Win32Path</dev:code> <dev:remarks> <maml:para>Open a file object with a relative win32 path.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> 
<maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtFile --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtFile</command:name> <command:verb>New</command:verb> <command:noun>NtFile</command:noun> <maml:description> <maml:para>Create a new NT file object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new NT file object. The absolute path to the object in the NT object manager name space can be specified. It's also possible to open the object relative to an existing object by specifying the -Root parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtFile</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, 
AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Attributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Attributes</maml:name> <maml:description> <maml:para>Specify the file attributes for the new file.</maml:para> <maml:para>Possible values: None, ReadOnly, Hidden, System, Directory, Achive, Device, Normal, Temporary, SparseFile, RepasePoint, Compressed, Offline, NotContentIndexed, Encrypted, IntegrityStream, Virtual, NoScrubData, Ea</maml:para> </maml:description> <command:parameterValue required="true">FileAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAttributes</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Normal</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">Hidden</command:parameterValue> <command:parameterValue required="false" variableLength="false">System</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Achive</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">Normal</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">Temporary</command:parameterValue> <command:parameterValue required="false" variableLength="false">SparseFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">RepasePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">Compressed</command:parameterValue> <command:parameterValue required="false" variableLength="false">Offline</command:parameterValue> <command:parameterValue required="false" variableLength="false">NotContentIndexed</command:parameterValue> <command:parameterValue required="false" variableLength="false">Encrypted</command:parameterValue> <command:parameterValue required="false" variableLength="false">IntegrityStream</command:parameterValue> <command:parameterValue required="false" variableLength="false">Virtual</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoScrubData</command:parameterValue> <command:parameterValue required="false" variableLength="false">Ea</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. 
Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Disposition --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Disposition</maml:name> <maml:description> <maml:para>Specify the disposition for creating the file.</maml:para> <maml:para>Possible values: Supersede, Open, Create, OpenIf, Overwrite, OverwriteIf</maml:para> </maml:description> <command:parameterValue required="true">FileDisposition</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDisposition</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Create</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Supersede</command:parameterValue> <command:parameterValue required="false" variableLength="false">Open</command:parameterValue> <command:parameterValue required="false" variableLength="false">Create</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">Overwrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">OverwriteIf</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: EaBuffer --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>EaBuffer</maml:name> <maml:description> <maml:para>Specify an EA buffer to pass to the create file call.</maml:para> </maml:description> 
<command:parameterValue required="true">EaBuffer</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EaBuffer</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue 
required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, 
All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Attributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Attributes</maml:name> <maml:description> <maml:para>Specify the file attributes for the new file.</maml:para> <maml:para>Possible values: None, ReadOnly, Hidden, System, Directory, Achive, Device, Normal, Temporary, SparseFile, RepasePoint, Compressed, Offline, NotContentIndexed, Encrypted, IntegrityStream, Virtual, NoScrubData, Ea</maml:para> </maml:description> <command:parameterValue required="true">FileAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAttributes</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Normal</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">Hidden</command:parameterValue> <command:parameterValue required="false" variableLength="false">System</command:parameterValue> <command:parameterValue required="false" variableLength="false">Directory</command:parameterValue> <command:parameterValue required="false" variableLength="false">Achive</command:parameterValue> <command:parameterValue required="false" variableLength="false">Device</command:parameterValue> <command:parameterValue required="false" variableLength="false">Normal</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Temporary</command:parameterValue> <command:parameterValue required="false" variableLength="false">SparseFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">RepasePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">Compressed</command:parameterValue> <command:parameterValue required="false" variableLength="false">Offline</command:parameterValue> <command:parameterValue required="false" variableLength="false">NotContentIndexed</command:parameterValue> <command:parameterValue required="false" variableLength="false">Encrypted</command:parameterValue> <command:parameterValue required="false" variableLength="false">IntegrityStream</command:parameterValue> <command:parameterValue required="false" variableLength="false">Virtual</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoScrubData</command:parameterValue> <command:parameterValue required="false" variableLength="false">Ea</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Disposition --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Disposition</maml:name> <maml:description> <maml:para>Specify the disposition for creating the file.</maml:para> <maml:para>Possible values: Supersede, Open, Create, OpenIf, Overwrite, OverwriteIf</maml:para> </maml:description> <command:parameterValue required="true">FileDisposition</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDisposition</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Create</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Supersede</command:parameterValue> <command:parameterValue required="false" variableLength="false">Open</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Create</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">Overwrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">OverwriteIf</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: EaBuffer --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>EaBuffer</maml:name> <maml:description> <maml:para>Specify an EA buffer to pass to the create file call.</maml:para> </maml:description> <command:parameterValue required="true">EaBuffer</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.EaBuffer</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" 
globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtFile --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtFile \??\C:\Windows\Temp\abc.txt</dev:code> <dev:remarks> <maml:para>Creates a new file object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = New-NtFile \??\C:\Windows\Temp\abc.txt -Attributes Hidden</dev:code> <dev:remarks> <maml:para>Creates a new file object with an absolute path, with the hidden attribute.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$root = Get-NtFile \??\C:\Windows $obj = New-NtFile Temp\abc.txt -Root $root</dev:code> <dev:remarks> <maml:para>Creates a new file object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$obj = New-NtFile c:\Windows\Temp\abc.txt -Win32Path</dev:code> <dev:remarks> <maml:para>Creates a new file object with an absolute win32 path.</maml:para> </dev:remarks> 
</command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$obj = New-NtFile \??\C:\Windows\Temp\abc.txt -Disposition OpenIf</dev:code> <dev:remarks> <maml:para>Creates a new file object with an absolute path. If the file already exists then open it rather than failing.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>$obj = New-NtFile \??\C:\Windows\Temp\abc.txt -Disposition Supersede</dev:code> <dev:remarks> <maml:para>Creates a new file object with an absolute path. If the file already exists then replace it with the new file.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 7 ----------</maml:title> <dev:code>$obj = New-NtFile \??\C:\Windows\Temp\abc.txt -Options SynchronousIoNonAlert -Access GenericRead,GenericWrite,Synchronize $stm = $obj.ToStream($true) $stm.WriteByte(1)</dev:code> <dev:remarks> <maml:para>Creates a new file object with an absolute path then writes data to it.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtFileReparsePoint --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtFileReparsePoint</command:name> <command:verb>Get</command:verb> <command:noun>NtFileReparsePoint</command:noun> <maml:description> <maml:para>Opens and reads the reparse point buffer for a file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing NT file object and reads out the reparse point buffer data. 
The absolute path to the object in the NT object manager name space can be specified. It's also possible to open the object relative to an existing object by specifying the -Root parameter. To simplify calling it's also possible to specify the path in a Win32 format when using the -Win32Path parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtFileReparsePoint</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" 
globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue 
required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> 
<maml:uri /> </dev:type> <dev:defaultValue>OpenReparsePoint</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> 
<command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>OpenReparsePoint</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtFile --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:returnValue> <!-- OutputType: ReparseBuffer --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.ReparseBuffer</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtFileReparsePoint \??\C:\XYZ</dev:code> <dev:remarks> <maml:para>Reads the reparse point with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtFile \??\C:\ $obj = Get-NtFileReparsePoint XYZ -Root $root</dev:code> <dev:remarks> <maml:para>Reads the reparse point with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Get-NtFileReparsePoint C:\XYZ -Win32Path</dev:code> <dev:remarks> <maml:para>Reads the reparse point with an absolute win32 path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$obj = Get-NtFileReparsePoint ..\..\..\XYZ -Win32Path</dev:code> 
<dev:remarks> <maml:para>Reads the reparse point with a relative win32 path.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Remove-NtFileReparsePoint --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Remove-NtFileReparsePoint</command:name> <command:verb>Remove</command:verb> <command:noun>NtFileReparsePoint</command:noun> <maml:description> <maml:para>Removes the reparse point buffer for a file.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet removes the reparse point buffer from an existing NT file object. The absolute path to the object in the NT object manager name space can be specified. It's also possible to open the object relative to an existing object by specifying the -Root parameter. To simplify calling it's also possible to specify the path in a Win32 format when using the -Win32Path parameter. 
It will return the original reparse buffer that was removed.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Remove-NtFileReparsePoint</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. 
Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>OpenReparsePoint</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/named pipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false"
variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> 
<command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>OpenReparsePoint</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/named pipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list.
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtFile --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:returnValue> <!-- OutputType: ReparseBuffer --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.ReparseBuffer</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Remove-NtFileReparsePoint \??\C:\XYZ</dev:code> <dev:remarks> <maml:para>Remove the reparse point with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtFile \??\C:\ Remove-NtFileReparsePoint XYZ -Root $root</dev:code> <dev:remarks> <maml:para>Remove the reparse point with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Remove-NtFileReparsePoint C:\XYZ -Win32Path</dev:code> <dev:remarks> <maml:para>Remove the reparse point with an absolute win32 path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>Remove-NtFileReparsePoint ..\..\..\XYZ -Win32Path</dev:code> <dev:remarks> 
<maml:para>Remove the reparse point with a relative win32 path.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-NtFilteredToken --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtFilteredToken</command:name> <command:verb>Get</command:verb> <command:noun>NtFilteredToken</command:noun> <maml:description> <maml:para>Filter an existing NT token.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet takes a token and filters (also referred to as restricting) it. The filtered token is returned as a new NtToken object, which the caller should close when finished with it.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtFilteredToken</maml:name> <!-- Parameter: Token --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify the token to filter.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Specify filter flags.</maml:para> <maml:para>Possible values: None, DisableMaxPrivileges, SandboxInert, LuaToken, WriteRestricted</maml:para> </maml:description> <command:parameterValue required="true">FilterTokenFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FilterTokenFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue>
<command:parameterValue required="false" variableLength="false">DisableMaxPrivileges</command:parameterValue> <command:parameterValue required="false" variableLength="false">SandboxInert</command:parameterValue> <command:parameterValue required="false" variableLength="false">LuaToken</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteRestricted</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: PrivilegesToDelete --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PrivilegesToDelete</maml:name> <maml:description> <maml:para>Specify a list of privileges to delete.</maml:para> </maml:description> <command:parameterValue required="true">TokenPrivilege[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenPrivilege[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: RestrictedSids --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>RestrictedSids</maml:name> <maml:description> <maml:para>Specify a list of restricted SIDs to add to the token.</maml:para> </maml:description> <command:parameterValue required="true">UserGroup[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.UserGroup[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SidsToDisable --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SidsToDisable</maml:name> <maml:description> <maml:para>Specify a list of group SIDs to disable (set to deny only).</maml:para> </maml:description> <command:parameterValue required="true">UserGroup[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.UserGroup[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Token --> <command:parameter required="true" globbing="false" pipelineInput="false"
position="0"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify the token to filter.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: PrivilegesToDelete --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PrivilegesToDelete</maml:name> <maml:description> <maml:para>Specify a list of privileges to delete.</maml:para> </maml:description> <command:parameterValue required="true">TokenPrivilege[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenPrivilege[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SidsToDisable --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SidsToDisable</maml:name> <maml:description> <maml:para>Specify a list of group SIDs to disable (set to deny only).</maml:para> </maml:description> <command:parameterValue required="true">UserGroup[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.UserGroup[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: RestrictedSids --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>RestrictedSids</maml:name> <maml:description> <maml:para>Specify a list of restricted SIDs to add to the token.</maml:para> </maml:description> <command:parameterValue required="true">UserGroup[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.UserGroup[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Flags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Flags</maml:name> <maml:description> <maml:para>Specify filter flags.</maml:para> <maml:para>Possible values: None, DisableMaxPrivileges, SandboxInert, LuaToken, WriteRestricted</maml:para>
</maml:description> <command:parameterValue required="true">FilterTokenFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FilterTokenFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisableMaxPrivileges</command:parameterValue> <command:parameterValue required="false" variableLength="false">SandboxInert</command:parameterValue> <command:parameterValue required="false" variableLength="false">LuaToken</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteRestricted</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: NtToken --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$token = Use-NtObject($tmp = Get-NtToken -Primary) { Get-NtFilteredToken $tmp -Flags DisableMaxPrivileges }</dev:code> <dev:remarks> <maml:para>Get current process' primary token and disable the maximum privileges.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$token = Use-NtObject($tmp = Get-NtToken -Primary) { Get-NtFilteredToken $tmp -SidsToDisable "Everyone","BA" }</dev:code> <dev:remarks> <maml:para>Get current process' primary token and set the Everyone and Builtin Administrators groups to deny only.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$token = Use-NtObject($tmp = Get-NtToken -Primary) { Get-NtFilteredToken $tmp -SidsToDisable 
"Everyone","BA" }</dev:code> <dev:remarks> <maml:para>Get current process' primary token and set the Everyone and Builtin Administrators groups to deny only.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$token = Use-NtObject($tmp = Get-NtToken -Primary) { Get-NtFilteredToken $tmp -RestrictedSids $tmp.Groups }</dev:code> <dev:remarks> <maml:para>Get current process' primary token and add all groups as restricted SIDs.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$token = Use-NtObject($tmp = Get-NtToken -Primary) { Get-NtFilteredToken $tmp -Flags LuaToken }</dev:code> <dev:remarks> <maml:para>Get current process' primary token and convert it to a LUA token.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtGrantedAccess --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtGrantedAccess</command:name> <command:verb>Get</command:verb> <command:noun>NtGrantedAccess</command:noun> <maml:description> <maml:para>Gets the granted access to a security descriptor or object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet allows you to determine the granted access to a particular resource through a security descriptor or a reference to an object.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: sd --> <command:syntaxItem> <maml:name>Get-NtGrantedAccess</maml:name> <!-- Parameter: SecurityDescriptor --> <command:parameter required="true" globbing="false"
pipelineInput="false" position="0"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Specify a security descriptor.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Type --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Type</maml:name> <maml:description> <maml:para>Specify the NT type for the access check.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AccessMask --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AccessMask</maml:name> <maml:description> <maml:para>Specify an access mask to check against. 
If not specified will request maximum access.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>02000000</dev:defaultValue> </command:parameter> <!-- Parameter: ConvertToString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ConvertToString</maml:name> <maml:description> <maml:para>Specify whether to return a string rather than an enumeration value.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: MapToGeneric --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapToGeneric</maml:name> <maml:description> <maml:para>Specify whether to map the access mask back to generic rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Principal --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Principal</maml:name> <maml:description> <maml:para>Specify a principal SID to use when checking security descriptors with SELF SID.</maml:para> </maml:description> <command:parameterValue required="true">Sid</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Sid</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Token</maml:name> 
<maml:description> <maml:para>Specify a token object to do the access check against. If not specified then current token is used.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: sddl --> <command:syntaxItem> <maml:name>Get-NtGrantedAccess</maml:name> <!-- Parameter: Sddl --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Specify a security descriptor in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Type --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Type</maml:name> <maml:description> <maml:para>Specify the NT type for the access check.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AccessMask --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AccessMask</maml:name> <maml:description> <maml:para>Specify an access mask to check against. 
If not specified will request maximum access.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>02000000</dev:defaultValue> </command:parameter> <!-- Parameter: ConvertToString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ConvertToString</maml:name> <maml:description> <maml:para>Specify whether to return a string rather than an enumeration value.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: MapToGeneric --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapToGeneric</maml:name> <maml:description> <maml:para>Specify whether to map the access mask back to generic rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Principal --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Principal</maml:name> <maml:description> <maml:para>Specify a principal SID to use when checking security descriptors with SELF SID.</maml:para> </maml:description> <command:parameterValue required="true">Sid</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Sid</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Token</maml:name> 
<maml:description> <maml:para>Specify a token object to do the access check against. If not specified then current token is used.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: obj --> <command:syntaxItem> <maml:name>Get-NtGrantedAccess</maml:name> <!-- Parameter: Object --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Object</maml:name> <maml:description> <maml:para>Specify a kernel object to get security descriptor from.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AccessMask --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AccessMask</maml:name> <maml:description> <maml:para>Specify an access mask to check against. 
If not specified will request maximum access.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>02000000</dev:defaultValue> </command:parameter> <!-- Parameter: ConvertToString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ConvertToString</maml:name> <maml:description> <maml:para>Specify whether to return a string rather than an enumeration value.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: MapToGeneric --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapToGeneric</maml:name> <maml:description> <maml:para>Specify whether to map the access mask back to generic rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Principal --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Principal</maml:name> <maml:description> <maml:para>Specify a principal SID to use when checking security descriptors with SELF SID.</maml:para> </maml:description> <command:parameterValue required="true">Sid</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Sid</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Token</maml:name> 
<maml:description> <maml:para>Specify a token object to do the access check against. If not specified then current token is used.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: SecurityDescriptor --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Specify a security descriptor.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Specify a security descriptor in SDDL format.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Type --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Type</maml:name> <maml:description> <maml:para>Specify the NT type for the access check.</maml:para> </maml:description> <command:parameterValue required="true">NtType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: AccessMask --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AccessMask</maml:name> <maml:description> <maml:para>Specify an access mask to check against. 
If not specified will request maximum access.</maml:para> </maml:description> <command:parameterValue required="true">AccessMask</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AccessMask</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>02000000</dev:defaultValue> </command:parameter> <!-- Parameter: Object --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Object</maml:name> <maml:description> <maml:para>Specify a kernel object to get security descriptor from.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify a token object to do the access check against. If not specified then current token is used.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: MapToGeneric --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MapToGeneric</maml:name> <maml:description> <maml:para>Specify whether to map the access mask back to generic rights.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ConvertToString --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ConvertToString</maml:name> <maml:description> <maml:para>Specify whether to return a string 
rather than an enumeration value.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Principal --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Principal</maml:name> <maml:description> <maml:para>Specify a principal SID to use when checking security descriptors with SELF SID.</maml:para> </maml:description> <command:parameterValue required="true">Sid</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Sid</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-NtGrantedAccess $sd -Type $(Get-NtType File)</dev:code> <dev:remarks> <maml:para>Get the maximum access for a security descriptor for a file object.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-NtGrantedAccess -Sddl "O:BAG:BAD:(A;;GA;;;WD)" -Type $(Get-NtType Process)</dev:code> <dev:remarks> <maml:para>Get the maximum access for a security descriptor for a process object based on an SDDL string.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-NtHandle --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtHandle</command:name> <command:verb>Get</command:verb> <command:noun>NtHandle</command:noun> <maml:description> <maml:para>Get NT handle information.</maml:para> </maml:description> 
</command:details> <maml:description> <maml:para>This cmdlet gets handle information for all processes on the system. You can specify a specific process by setting the -ProcessId parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtHandle</maml:name> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0" aliases="pid"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a process ID to filter handles on.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: NoQuery --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>NoQuery</maml:name> <maml:description> <maml:para>Specify that the returned handle entries should not be queried for additional information.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectTypes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectTypes</maml:name> <maml:description> <maml:para>Specify list of object types to filter handles.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0" aliases="pid"> 
<maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a process ID to filter handles on.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="0" aliases="pid"> <maml:name>pid</maml:name> <maml:description> <maml:para>Specify a process ID to filter handles on.</maml:para> <maml:para>This is an alias of the ProcessId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: NoQuery --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>NoQuery</maml:name> <maml:description> <maml:para>Specify that the returned handle entries should not be queried for additional information.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectTypes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectTypes</maml:name> <maml:description> <maml:para>Specify list of object types to filter handles.</maml:para> </maml:description> <command:parameterValue required="true">string[]</command:parameterValue> <dev:type> <maml:name>System.String[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: NtHandle --> <command:returnValue> <dev:type> 
<maml:name>NtApiDotNet.NtHandle</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-NtHandle</dev:code> <dev:remarks> <maml:para>Get all NT handles.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-NtHandle 1234</dev:code> <dev:remarks> <maml:para>Get all NT handles filtered to a specific Process ID</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-NtHandle $pid</dev:code> <dev:remarks> <maml:para>Get all NT handles for the current process.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>Get-NtHandle 1234 -NoQuery</dev:code> <dev:remarks> <maml:para>Get all NT handles filtered to a specific Process ID but don't try and query information about the handle such as name.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-NtJob --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtJob</command:name> <command:verb>Get</command:verb> <command:noun>NtJob</command:noun> <maml:description> <maml:para>Open a NT job object by path.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing NT job object. The absolute path to the object in the NT object manager name space must be specified. 
It's also possible to create the object relative to an existing object by specifying the -Root parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtJob</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, AssignProcess, SetAttributes, Query, Terminate, SetSecurityAttributes, Impersonate, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">JobAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.JobAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">AssignProcess</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">SetSecurityAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. 
Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, AssignProcess, SetAttributes, Query, Terminate, SetSecurityAttributes, Impersonate, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">JobAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.JobAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">AssignProcess</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetAttributes</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetSecurityAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: 
Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/named pipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtJob --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtJob</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtJob \BaseNamedObjects\ABC</dev:code> <dev:remarks> <maml:para>Get a job object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtDirectory \BaseNamedObjects $obj = Get-NtJob ABC -Root $root</dev:code> <dev:remarks> <maml:para>Get a job object with a relative path.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtJob --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtJob</command:name> <command:verb>New</command:verb> <command:noun>NtJob</command:noun> <maml:description> <maml:para>Create a new NT job 
object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new NT job object. The absolute path to the object in the NT object manager name space can be specified. It's also possible to create the object relative to an existing object by specifying the -Root parameter. If no path is specified then an unnamed object will be created, which can only be duplicated by handle.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtJob</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, AssignProcess, SetAttributes, Query, Terminate, SetSecurityAttributes, Impersonate, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">JobAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.JobAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">AssignProcess</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetSecurityAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. 
Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/named pipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, AssignProcess, SetAttributes, Query, Terminate, SetSecurityAttributes, Impersonate, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">JobAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.JobAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">AssignProcess</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetSecurityAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> 
<!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/named pipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtJob --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtJob</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtJob</dev:code> <dev:remarks> <maml:para>Create a new anonymous job object.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = New-NtJob \BaseNamedObjects\ABC</dev:code> <dev:remarks> <maml:para>Create a new job object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$root = Get-NtDirectory \BaseNamedObjects $obj = New-NtJob ABC -Root $root</dev:code> <dev:remarks> <maml:para>Create a new job object with a relative path.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Add-NtKey --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" 
xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Add-NtKey</command:name> <command:verb>Add</command:verb> <command:noun>NtKey</command:noun> <maml:description> <maml:para>Loads a new registry hive.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet loads a registry hive to somewhere in the registry namespace. If the hive file doesn't exist it will be created.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Add-NtKey</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: KeyPath --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>KeyPath</maml:name> <maml:description> <maml:para>Specifies the path to where the hive should be loaded.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: QueryValue, SetValue, CreateSubKey, EnumerateSubKeys, Notify, CreateLink, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> 
<command:parameterValue required="true">KeyAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateSubKeys</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notify</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> 
</command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: LoadFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>LoadFlags</maml:name> <maml:description> <maml:para>Specifies the flags for loading the hive.</maml:para> <maml:para>Possible values: None, AppKey, Exclusive, Unknown800, ReadOnly</maml:para> </maml:description> <command:parameterValue required="true">LoadKeyFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.LoadKeyFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" 
variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unknown800</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadOnly</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>Options to use when opening/creating the key.</maml:para> <maml:para>Possible values: NonVolatile, Volatile, CreateLink, BackupRestore, OpenLink</maml:para> </maml:description> <command:parameterValue required="true">KeyCreateOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyCreateOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>NonVolatile</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">NonVolatile</command:parameterValue> <command:parameterValue required="false" variableLength="false">Volatile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">BackupRestore</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> 
<maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: KeyPath --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>KeyPath</maml:name> <maml:description> <maml:para>Specifies the path to where the hive should be loaded.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: LoadFlags --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>LoadFlags</maml:name> <maml:description> <maml:para>Specifies the flags for loading the hive.</maml:para> <maml:para>Possible values: None, AppKey, Exclusive, Unknown800, ReadOnly</maml:para> </maml:description> <command:parameterValue required="true">LoadKeyFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.LoadKeyFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unknown800</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadOnly</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> 
<command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>Options to use when opening/creating the key.</maml:para> <maml:para>Possible values: NonVolatile, Volatile, CreateLink, BackupRestore, OpenLink</maml:para> </maml:description> <command:parameterValue required="true">KeyCreateOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyCreateOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>NonVolatile</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">NonVolatile</command:parameterValue> <command:parameterValue required="false" variableLength="false">Volatile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">BackupRestore</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: QueryValue, SetValue, CreateSubKey, EnumerateSubKeys, Notify, CreateLink, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, 
WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">KeyAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateSubKeys</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notify</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtKey --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtKey</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$token = Get-NtTokenPrimary
$token.SetPrivilege("SeRestorePrivilege", $true)
$obj = Add-NtKey \??\C:\Windows\Temp\test.hiv \Registry\Machine\ABC</dev:code> <dev:remarks> <maml:para>Load a hive to a new attachment point, first enabling SeRestorePrivilege on the primary token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = Add-NtKey \??\C:\Windows\Temp\test.hiv \Registry\Machine\ABC -LoadFlags AppKey</dev:code> <dev:remarks> <maml:para>Load an app hive to a new attachment point (can be done without privileges).</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Add-NtKey \??\C:\Windows\Temp\test.hiv \Registry\Machine\ABC -LoadFlags AppKey,ReadOnly</dev:code> <dev:remarks> <maml:para>Load an app hive to a new attachment point read-only.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> 
</maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtKey --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtKey</command:name> <command:verb>Get</command:verb> <command:noun>NtKey</command:noun> <maml:description> <maml:para>Open an NT key object by path.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing NT key object. The absolute path to the object in the NT object manager name space must be specified. It's also possible to open the object relative to an existing object by specifying the -Root parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtKey</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: QueryValue, SetValue, CreateSubKey, EnumerateSubKeys, Notify, CreateLink, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">KeyAccessRights</command:parameterValue> <dev:type> 
<maml:name>NtApiDotNet.KeyAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateSubKeys</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notify</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" 
globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue 
required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>Options to use when opening/creating the key.</maml:para> <maml:para>Possible values: NonVolatile, Volatile, CreateLink, BackupRestore, OpenLink</maml:para> </maml:description> <command:parameterValue required="true">KeyCreateOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyCreateOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>NonVolatile</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">NonVolatile</command:parameterValue> <command:parameterValue required="false" variableLength="false">Volatile</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">BackupRestore</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>Options to use when opening/creating the key.</maml:para> <maml:para>Possible values: NonVolatile, Volatile, CreateLink, BackupRestore, OpenLink</maml:para> </maml:description> <command:parameterValue required="true">KeyCreateOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyCreateOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>NonVolatile</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">NonVolatile</command:parameterValue> <command:parameterValue required="false" variableLength="false">Volatile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">BackupRestore</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> 
<!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: QueryValue, SetValue, CreateSubKey, EnumerateSubKeys, Notify, CreateLink, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">KeyAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateSubKeys</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notify</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtKey --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtKey</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtKey \Registry\Machine\Software</dev:code> <dev:remarks> <maml:para>Get a key object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtKey \Registry\Machine $obj = Get-NtKey Software -Root $root</dev:code> <dev:remarks> <maml:para>Get a key object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Get-NtKey \Registry\Machine\Software $obj.QueryKeys()</dev:code> <dev:remarks> <maml:para>Get a key object, and enumerate its subkeys</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$obj = Get-NtKey \Registry\Machine\Software $obj.QueryValues()</dev:code> <dev:remarks> <maml:para>Get a key object, and enumerate its values</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> 
<maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtKey --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtKey</command:name> <command:verb>New</command:verb> <command:noun>NtKey</command:noun> <maml:description> <maml:para>Create a new NT key object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new NT key object. The absolute path to the object in the NT object manager name space must be specified. It's also possible to create the object relative to an existing object by specifying the -Root parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtKey</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: QueryValue, SetValue, CreateSubKey, EnumerateSubKeys, Notify, CreateLink, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> 
<command:parameterValue required="true">KeyAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateSubKeys</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notify</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> 
</command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> 
<dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>Options to use when opening/creating the key.</maml:para> <maml:para>Possible values: NonVolatile, Volatile, CreateLink, BackupRestore, OpenLink</maml:para> </maml:description> <command:parameterValue required="true">KeyCreateOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyCreateOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>NonVolatile</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">NonVolatile</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Volatile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">BackupRestore</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>Options to use when opening/creating the key.</maml:para> <maml:para>Possible values: NonVolatile, Volatile, CreateLink, BackupRestore, OpenLink</maml:para> </maml:description> <command:parameterValue required="true">KeyCreateOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyCreateOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>NonVolatile</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">NonVolatile</command:parameterValue> <command:parameterValue required="false" variableLength="false">Volatile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">BackupRestore</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> 
<!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: QueryValue, SetValue, CreateSubKey, EnumerateSubKeys, Notify, CreateLink, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">KeyAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KeyAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueryValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetValue</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateSubKey</command:parameterValue> <command:parameterValue required="false" variableLength="false">EnumerateSubKeys</command:parameterValue> <command:parameterValue required="false" variableLength="false">Notify</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtKey --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtKey</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtKey \Registry\Machine\Software\ABC</dev:code> <dev:remarks> <maml:para>Create a new key object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = New-NtKey -Path \Registry\Machine\Software\ABC $obj.SetValue("ValueName", String, "DataValue")</dev:code> <dev:remarks> <maml:para>Create a new key object and set a string value.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtLowBoxToken --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtLowBoxToken</command:name> <command:verb>Get</command:verb> 
<command:noun>NtLowBoxToken</command:noun> <maml:description> <maml:para>Get a LowBox version of an existing NT token.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet takes a token and creates a new lowbox token from it.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtLowBoxToken</maml:name> <!-- Parameter: Token --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify the token to create the lowbox token from.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: PackageSid --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>PackageSid</maml:name> <maml:description> <maml:para>Specify package SID or a name.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CapabilitySids --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CapabilitySids</maml:name> <maml:description> <maml:para>Specify list of capability SIDs to add to token.</maml:para> </maml:description> <command:parameterValue required="true">Sid[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Sid[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Handles --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Handles</maml:name> <maml:description> <maml:para>Specify list of handles to capture with lowbox token.</maml:para> </maml:description> <command:parameterValue 
required="true">NtObject[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: RestrictedPackageName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>RestrictedPackageName</maml:name> <maml:description> <maml:para>Specify an additional restricted name for the package SID.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Token --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify the token to create the lowbox token from.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: PackageSid --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>PackageSid</maml:name> <maml:description> <maml:para>Specify package SID or a name.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: RestrictedPackageName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>RestrictedPackageName</maml:name> <maml:description> <maml:para>Specify an additional restricted name for the package SID.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: 
CapabilitySids --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CapabilitySids</maml:name> <maml:description> <maml:para>Specify list of capability SIDs to add to token.</maml:para> </maml:description> <command:parameterValue required="true">Sid[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.Sid[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Handles --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Handles</maml:name> <maml:description> <maml:para>Specify list of handles to capture with lowbox token.</maml:para> </maml:description> <command:parameterValue required="true">NtObject[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: NtToken --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$token = Use-NtObject($tmp = Get-NtToken -Primary) { Get-NtLowBoxToken $tmp -PackageSid "Application.Name" }</dev:code> <dev:remarks> <maml:para>Get the current process' primary token and create a lowbox token with a named package.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$token = Use-NtObject($tmp = Get-NtToken -Primary) { Get-NtLowBoxToken $tmp -PackageSid "S-1-15-2-1-2-3-4-5-6-7" }</dev:code> <dev:remarks> <maml:para>Get the current process' primary token and create a lowbox token with a package SID.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> 
</maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtMailslotFile --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtMailslotFile</command:name> <command:verb>New</command:verb> <command:noun>NtMailslotFile</command:noun> <maml:description> <maml:para>Create a new NT mailslot file object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new NT mailslot file object. The absolute path to the object in the NT object manager name space can be specified. It's also possible to open the object relative to an existing object by specifying the -Root parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtMailslotFile</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> 
<command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>ReadAttributes, WriteDac, GenericRead</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DefaultTimeoutMs --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DefaultTimeoutMs</maml:name> <maml:description> <maml:para>Specify the default timeout for the mailslot in MS (-1 for no timeout)</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: MailslotQuota --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MailslotQuota</maml:name> <maml:description> <maml:para>Specify the mailslot quota.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: MaximumMessageSize --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaximumMessageSize</maml:name> <maml:description> <maml:para>Specify the maximum message size (0 means any size)</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> 
<maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, 
SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: DefaultTimeoutMs --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DefaultTimeoutMs</maml:name> <maml:description> <maml:para>Specify the default timeout for the mailslot in MS (-1 for no timeout)</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: MaximumMessageSize --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaximumMessageSize</maml:name> <maml:description> <maml:para>Specify the maximum message size (0 means any size)</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> 
</command:parameter> <!-- Parameter: MailslotQuota --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MailslotQuota</maml:name> <maml:description> <maml:para>Specify the mailslot quota.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- 
Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, 
GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>ReadAttributes, WriteDac, GenericRead</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtFile --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtMailslotFile \??\mailslot\abc</dev:code> <dev:remarks> <maml:para>Creates a new file mailslot object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = New-NtMailslotFile \\.\mailslot\abc -Win32Path</dev:code> <dev:remarks> <maml:para>Creates a new file mailslot object with an absolute win32 path.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtMutant --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtMutant</command:name> <command:verb>Get</command:verb> <command:noun>NtMutant</command:noun> <maml:description> 
<maml:para>Open a NT mutant object by path.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing NT mutant object (also known as a mutex). The absolute path to the object in the NT object manager name space must be specified. It's also possible to open the object relative to an existing object by specifying the -Root parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtMutant</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, QueryState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">MutantAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.MutantAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. 
Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, QueryState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">MutantAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.MutantAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtMutant --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtMutant</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtMutant \BaseNamedObjects\ABC</dev:code> <dev:remarks> <maml:para>Get a mutant object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtDirectory \BaseNamedObjects $obj = Get-NtMutant ABC -Root $root</dev:code> <dev:remarks> <maml:para>Get a mutant object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Get-NtMutant -Path \BaseNamedObjects\ABC $obj.Wait() # Do something in lock... 
$obj.Release()</dev:code> <dev:remarks> <maml:para>Get a mutant object, acquire the lock via Wait and Release it.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtMutant --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtMutant</command:name> <command:verb>New</command:verb> <command:noun>NtMutant</command:noun> <maml:description> <maml:para>Create a new NT mutant object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new NT mutant object (also known as a mutex). The absolute path to the object in the NT object manager name space can be specified. It's also possible to create the object relative to an existing object by specifying the -Root parameter. 
If no path is specified then an unnamed object will be created which can only be duplicated by handle.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtMutant</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, QueryState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">MutantAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.MutantAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: InitialOwner --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>InitialOwner</maml:name> <maml:description> <maml:para>Specify to indicate the caller is the initial owner of the mutant.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: InitialOwner --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>InitialOwner</maml:name> <maml:description> <maml:para>Specify to indicate the caller is the initial owner of the mutant.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, QueryState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">MutantAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.MutantAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> 
<!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/named pipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtMutant --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtMutant</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtMutant</dev:code> <dev:remarks> <maml:para>Create a new anonymous mutant object.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = New-NtMutant \BaseNamedObjects\ABC</dev:code> <dev:remarks> <maml:para>Create a new mutant object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$root = Get-NtDirectory \BaseNamedObjects
$obj = New-NtMutant ABC -Root $root</dev:code> <dev:remarks> <maml:para>Create a new mutant object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$mutant = New-NtMutant -InitialOwner</dev:code> <dev:remarks> <maml:para>Create a new anonymous mutant object with the caller as the initial owner.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 
----------</maml:title> <dev:code>$obj = New-NtMutant
$obj.Wait()
# Do something in lock...
$obj.Release()</dev:code> <dev:remarks> <maml:para>Create a new anonymous mutant object, acquire the lock via Wait and Release it.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtNamedPipeFile --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtNamedPipeFile</command:name> <command:verb>Get</command:verb> <command:noun>NtNamedPipeFile</command:noun> <maml:description> <maml:para>Opens an existing NT named pipe file object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing NT named pipe file object. The absolute path to the object in the NT object manager name space can be specified. It's also possible to open the object relative to an existing object by specifying the -Root parameter. 
This only works if the caller has permission to access the pipe server object and the maximum number of instances is not exceeded.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtNamedPipeFile</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Synchronize, GenericWrite, GenericRead</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. 
Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>SynchronousIoNonAlert</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/named pipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Read, Write</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Read, Write</dev:defaultValue> 
<command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>SynchronousIoNonAlert</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Synchronize, GenericWrite, GenericRead</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to the BaseNamedObjects (BNO) directory; for files it means a DOS-style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides the SecurityDescriptor parameter.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtFile --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtNamedPipeFile \??\pipe\abc</dev:code> <dev:remarks> <maml:para>Opens an existing file named pipe object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = Get-NtNamedPipeFile \\.\pipe\abc -Win32Path</dev:code> <dev:remarks> <maml:para>Opens an existing file named pipe object with an absolute win32 path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Get-NtNamedPipeFile \??\pipe\abc -Disposition OpenIf</dev:code> <dev:remarks> <maml:para>Opens an existing file named pipe object with an absolute path. 
If the file already exists then open it rather than failing.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtNamedPipeFile --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtNamedPipeFile</command:name> <command:verb>New</command:verb> <command:noun>NtNamedPipeFile</command:noun> <maml:description> <maml:para>Create a new NT named pipe file object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new NT named pipe file object. The absolute path to the object in the NT object manager name space can be specified. It's also possible to open the object relative to an existing object by specifying the -Root parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtNamedPipeFile</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, 
Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Synchronize, GenericWrite, GenericRead</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CompletionMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CompletionMode</maml:name> <maml:description> <maml:para>Specify the pipe completion mode.</maml:para> <maml:para>Possible values: QueueOperation, CompleteOperation</maml:para> </maml:description> <command:parameterValue required="true">NamedPipeCompletionMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NamedPipeCompletionMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>QueueOperation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueueOperation</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">CompleteOperation</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: DefaultTimeoutMs --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DefaultTimeoutMs</maml:name> <maml:description> <maml:para>Specify the default timeout for the pipe in milliseconds.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>50</dev:defaultValue> </command:parameter> <!-- Parameter: Disposition --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Disposition</maml:name> <maml:description> <maml:para>Specify the disposition for creating the file.</maml:para> <maml:para>Possible values: Supersede, Open, Create, OpenIf, Overwrite, OverwriteIf</maml:para> </maml:description> <command:parameterValue required="true">FileDisposition</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDisposition</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>OpenIf</dev:defaultValue> <command:parameterValueGroup> 
<command:parameterValue required="false" variableLength="false">Supersede</command:parameterValue> <command:parameterValue required="false" variableLength="false">Open</command:parameterValue> <command:parameterValue required="false" variableLength="false">Create</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">Overwrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">OverwriteIf</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: InputQuota --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>InputQuota</maml:name> <maml:description> <maml:para>Specify the pipe input quota (0 is default).</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: MaximumInstances --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaximumInstances</maml:name> <maml:description> <maml:para>Specify the maximum number of pipe instances (-1 is infinite).</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>1</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, 
IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, 
OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>SynchronousIoNonAlert</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: OutputQuota --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OutputQuota</maml:name> <maml:description> <maml:para>Specify the pipe output quota (0 is default).</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: PipeType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PipeType</maml:name> <maml:description> <maml:para>Specify the pipe type.</maml:para> <maml:para>Possible values: Bytestream, Message, RejectRemoteClients</maml:para> </maml:description> <command:parameterValue required="true">NamedPipeType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NamedPipeType</maml:name> 
<maml:uri /> </dev:type> <dev:defaultValue>Bytestream</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Bytestream</command:parameterValue> <command:parameterValue required="false" variableLength="false">Message</command:parameterValue> <command:parameterValue required="false" variableLength="false">RejectRemoteClients</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ReadMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ReadMode</maml:name> <maml:description> <maml:para>Specify the pipe read mode.</maml:para> <maml:para>Possible values: ByteStream, Message</maml:para> </maml:description> <command:parameterValue required="true">NamedPipeReadMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NamedPipeReadMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>ByteStream</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ByteStream</command:parameterValue> <command:parameterValue required="false" variableLength="false">Message</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides the SecurityDescriptor parameter.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Read, Write</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Read</command:parameterValue> <command:parameterValue required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: UnlimitedInstances --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>UnlimitedInstances</maml:name> <maml:description> <maml:para>If specified an unlimited number of instances of this pipe can be created.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to the BaseNamedObjects (BNO) directory; for files it means a DOS-style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Disposition --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Disposition</maml:name> <maml:description> <maml:para>Specify the disposition for creating the file.</maml:para> <maml:para>Possible values: Supersede, Open, Create, OpenIf, Overwrite, OverwriteIf</maml:para> </maml:description> <command:parameterValue required="true">FileDisposition</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileDisposition</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>OpenIf</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Supersede</command:parameterValue> <command:parameterValue required="false" variableLength="false">Open</command:parameterValue> <command:parameterValue required="false" variableLength="false">Create</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">Overwrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">OverwriteIf</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: DefaultTimeoutMs --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>DefaultTimeoutMs</maml:name> <maml:description> <maml:para>Specify the default timeout for the pipe in milliseconds.</maml:para> </maml:description> <command:parameterValue 
required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>50</dev:defaultValue> </command:parameter> <!-- Parameter: PipeType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PipeType</maml:name> <maml:description> <maml:para>Specify the pipe type.</maml:para> <maml:para>Possible values: Bytestream, Message, RejectRemoteClients</maml:para> </maml:description> <command:parameterValue required="true">NamedPipeType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NamedPipeType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Bytestream</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Bytestream</command:parameterValue> <command:parameterValue required="false" variableLength="false">Message</command:parameterValue> <command:parameterValue required="false" variableLength="false">RejectRemoteClients</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ReadMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ReadMode</maml:name> <maml:description> <maml:para>Specify the pipe read mode.</maml:para> <maml:para>Possible values: ByteStream, Message</maml:para> </maml:description> <command:parameterValue required="true">NamedPipeReadMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NamedPipeReadMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>ByteStream</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">ByteStream</command:parameterValue> <command:parameterValue required="false" variableLength="false">Message</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CompletionMode --> <command:parameter required="false" globbing="false" 
pipelineInput="false" position="named"> <maml:name>CompletionMode</maml:name> <maml:description> <maml:para>Specify the pipe completion mode.</maml:para> <maml:para>Possible values: QueueOperation, CompleteOperation</maml:para> </maml:description> <command:parameterValue required="true">NamedPipeCompletionMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NamedPipeCompletionMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>QueueOperation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">QueueOperation</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteOperation</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: MaximumInstances --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaximumInstances</maml:name> <maml:description> <maml:para>Specify the maximum number of pipe instances (-1 is infinite).</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>1</dev:defaultValue> </command:parameter> <!-- Parameter: UnlimitedInstances --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>UnlimitedInstances</maml:name> <maml:description> <maml:para>If specified an unlimited number of instances of this pipe can be created.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: InputQuota --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>InputQuota</maml:name> 
<maml:description> <maml:para>Specify the pipe input quota (0 is default).</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: OutputQuota --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OutputQuota</maml:name> <maml:description> <maml:para>Specify the pipe output quota (0 is default).</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ShareMode --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ShareMode</maml:name> <maml:description> <maml:para>The access share mode to open the file with.</maml:para> <maml:para>Possible values: None, Read, Write, Delete, All</maml:para> </maml:description> <command:parameterValue required="true">FileShareMode</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileShareMode</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Read, Write</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Read</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">Write</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">All</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Options --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Options</maml:name> <maml:description> <maml:para>The options to open the file with.</maml:para> <maml:para>Possible values: None, DirectoryFile, WriteThrough, SequentialOnly, NoIntermediateBuffering, SynchronousIoAlert, SynchronousIoNonAlert, NonDirectoryFile, CreateTreeConnection, CompleteIfOplocked, NoEaKnowledge, OpenRemoteInstance, RandomAccess, DeleteOnClose, OpenByFileId, OpenForBackupIntent, NoCompression, OpenRequiringOplock, DisallowExclusive, SessionAware, ReserveOpfilter, OpenReparsePoint, OpenNoRecall, OpenForFreeSpaceQuery</maml:para> </maml:description> <command:parameterValue required="true">FileOpenOptions</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileOpenOptions</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>SynchronousIoNonAlert</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteThrough</command:parameterValue> <command:parameterValue required="false" variableLength="false">SequentialOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoIntermediateBuffering</command:parameterValue> <command:parameterValue required="false" variableLength="false">SynchronousIoAlert</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">SynchronousIoNonAlert</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonDirectoryFile</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateTreeConnection</command:parameterValue> <command:parameterValue required="false" variableLength="false">CompleteIfOplocked</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoEaKnowledge</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRemoteInstance</command:parameterValue> <command:parameterValue required="false" variableLength="false">RandomAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteOnClose</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenByFileId</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForBackupIntent</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCompression</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenRequiringOplock</command:parameterValue> <command:parameterValue required="false" variableLength="false">DisallowExclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">SessionAware</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReserveOpfilter</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenReparsePoint</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenNoRecall</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenForFreeSpaceQuery</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" 
pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, ReadData, WriteData, AppendData, ReadEa, WriteEa, Execute, DeleteChild, ReadAttributes, WriteAttributes, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">FileAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.FileAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Synchronize, GenericWrite, GenericRead</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadData</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteData</command:parameterValue> <command:parameterValue required="false" variableLength="false">AppendData</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteEa</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">DeleteChild</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteAttributes</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtFile --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtNamedPipeFile \??\pipe\abc</dev:code> <dev:remarks> <maml:para>Creates a new file named pipe object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = New-NtNamedPipeFile \??\pipe\abc -MaximumInstances 100</dev:code> <dev:remarks> <maml:para>Creates a new file named pipe object with an absolute path and with a maximum of 100 instances.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = New-NtNamedPipeFile \??\pipe\abc -UnlimitedInstances</dev:code> <dev:remarks> <maml:para>Creates a new file named pipe object with an absolute path and with an unlimited maximum number of instances.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$obj = New-NtNamedPipeFile \\.\pipe\abc -Win32Path</dev:code> <dev:remarks> <maml:para>Creates a new file named pipe 
object with an absolute win32 path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$obj = New-NtNamedPipeFile \??\pipe\abc -Disposition OpenIf</dev:code> <dev:remarks> <maml:para>Creates a new file named pipe object with an absolute path. If the file already exists then open it rather than failing.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtObject --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtObject</command:name> <command:verb>Get</command:verb> <command:noun>NtObject</command:noun> <maml:description> <maml:para>Open an NT object by path.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an NT object by its path. 
The returned object will be a type specific to the actual underlying NT type.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtObject</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, Access0, Access1, Access2, Access3, Access4, Access5, Access6, Access7, Access8, Access9, Access10, Access11, Access12, Access13, Access14, Access15, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, AccessSystemSecurity, MaximumAllowed, GenericAll, GenericExecute, GenericWrite, GenericRead</maml:para> </maml:description> <command:parameterValue required="true">GenericAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access0</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access1</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access2</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Access3</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access4</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access5</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access6</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access7</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access8</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access9</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access10</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access11</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access12</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access13</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access14</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access15</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening 
files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: TypeName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TypeName</maml:name> <maml:description> <maml:para>The cmdlet tries to determine the type of object automatically; in cases where this isn't possible the NT type name can be specified here. This needs to be a value such as Directory, SymbolicLink, Mutant etc.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: TypeName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TypeName</maml:name> <maml:description> <maml:para>The cmdlet tries to determine the type of object automatically; in cases where this isn't possible the NT type name can be specified here. 
This needs to be a value such as Directory, SymbolicLink, Mutant etc.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, Access0, Access1, Access2, Access3, Access4, Access5, Access6, Access7, Access8, Access9, Access10, Access11, Access12, Access13, Access14, Access15, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, AccessSystemSecurity, MaximumAllowed, GenericAll, GenericExecute, GenericWrite, GenericRead</maml:para> </maml:description> <command:parameterValue required="true">GenericAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.GenericAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access0</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access1</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access2</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">Access3</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access4</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access5</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access6</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access7</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access8</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access9</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access10</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access11</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access12</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access13</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access14</command:parameterValue> <command:parameterValue required="false" variableLength="false">Access15</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtObject --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtObject \BaseNamedObjects\ABC</dev:code> <dev:remarks> <maml:para>Get an existing object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = Get-NtObject \BaseNamedObjects -TypeName Directory</dev:code> <dev:remarks> <maml:para>Get an existing object with an explicit type.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$root = Get-NtObject \BaseNamedObjects; $obj = Get-NtObject ABC -Root $root</dev:code> <dev:remarks> <maml:para>Get an existing object with a relative path.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Use-NtObject --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" 
xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Use-NtObject</command:name> <command:verb>Use</command:verb> <command:noun>NtObject</command:noun> <maml:description> <maml:para>Use an NtObject (or list of NtObject) and automatically close the objects after use.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet allows you to scope the use of NtObject, similar to the using statement in C#. When the script block passed to this cmdlet goes out of scope the input object is automatically disposed of, ensuring any native resources are closed to prevent leaks.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Use-NtObject</maml:name> <!-- Parameter: InputObject --> <command:parameter required="true" globbing="false" pipelineInput="true (ByValue)" position="0"> <maml:name>InputObject</maml:name> <maml:description> <maml:para>Specify the input object to be disposed.</maml:para> </maml:description> <command:parameterValue required="true">object</command:parameterValue> <dev:type> <maml:name>System.Object</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Specify the script block to execute.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: InputObject --> <command:parameter required="true" globbing="false" pipelineInput="true (ByValue)" position="0"> <maml:name>InputObject</maml:name> <maml:description> 
<maml:para>Specify the input object to be disposed.</maml:para> </maml:description> <command:parameterValue required="true">object</command:parameterValue> <dev:type> <maml:name>System.Object</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ScriptBlock --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>ScriptBlock</maml:name> <maml:description> <maml:para>Specify the script block to execute.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.Object</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>Specify the input object to be disposed.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$ps = Use-NtObject (Get-NtProcess) { param ($ps); $ps | Select-Object Name, CommandLine }</dev:code> <dev:remarks> <maml:para>Select Name and CommandLine from a list of processes and dispose of the list afterwards.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtProcess --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtProcess</command:name> <command:verb>Get</command:verb> <command:noun>NtProcess</command:noun> <maml:description> <maml:para>Get NT processes.</maml:para> 
</maml:description> </command:details> <maml:description> <maml:para>This cmdlet gets all accessible processes on the system. You can specify a specific process by setting the -ProcessId or -Current parameters.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: pid --> <command:syntaxItem> <maml:name>Get-NtProcess</maml:name> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0" aliases="pid"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a process ID to open.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for each process opened.</maml:para> <maml:para>Possible values: None, CreateProcess, CreateThread, DupHandle, QueryInformation, QueryLimitedInformation, SetLimitedInformation, SetInformation, SetQuota, SuspendResume, Terminate, VmOperation, VmRead, VmWrite, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ProcessAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ProcessAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateProcess</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">CreateThread</command:parameterValue> <command:parameterValue required="false" variableLength="false">DupHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetQuota</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmOperation</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: OpenOwner --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenOwner</maml:name> <maml:description> <maml:para>When opening a specific process choose whether to open its owner process (which is typically a console host) instead.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenParent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenParent</maml:name> <maml:description> <maml:para>When opening a specific process choose whether to open its parent instead.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: current --> <command:syntaxItem> <maml:name>Get-NtProcess</maml:name> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for each process opened.</maml:para> <maml:para>Possible values: None, CreateProcess, CreateThread, DupHandle, QueryInformation, QueryLimitedInformation, SetLimitedInformation, 
SetInformation, SetQuota, SuspendResume, Terminate, VmOperation, VmRead, VmWrite, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ProcessAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ProcessAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateProcess</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateThread</command:parameterValue> <command:parameterValue required="false" variableLength="false">DupHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetQuota</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmOperation</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmWrite</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Current --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Current</maml:name> <maml:description> <maml:para>Open current process.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenOwner --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenOwner</maml:name> <maml:description> <maml:para>When opening a specific process choose whether to open its owner process (which is typically a console host) instead.</maml:para> </maml:description> <command:parameterValue 
required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenParent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenParent</maml:name> <maml:description> <maml:para>When opening a specific process choose whether to open its parent instead.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: all --> <command:syntaxItem> <maml:name>Get-NtProcess</maml:name> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for each process opened.</maml:para> <maml:para>Possible values: None, CreateProcess, CreateThread, DupHandle, QueryInformation, QueryLimitedInformation, SetLimitedInformation, SetInformation, SetQuota, SuspendResume, Terminate, VmOperation, VmRead, VmWrite, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ProcessAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ProcessAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateProcess</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">CreateThread</command:parameterValue> <command:parameterValue required="false" variableLength="false">DupHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetQuota</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmOperation</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CommandLine</maml:name> <maml:description> <maml:para>Specify sub-string in the command line to filter the list on. If Name is also specified this will just select processes with that name with this sub-string.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: FilterScript --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FilterScript</maml:name> <maml:description> <maml:para>Specify an arbitrary filter script.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: FromSystem --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FromSystem</maml:name> <maml:description> <maml:para>When getting all processes only get the system information process list.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Name --> 
<command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specify an executable name to filter the list on.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0" aliases="pid"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a process ID to open.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="0" aliases="pid"> <maml:name>pid</maml:name> <maml:description> <maml:para>Specify a process ID to open.</maml:para> <maml:para>This is an alias of the ProcessId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: OpenParent --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenParent</maml:name> <maml:description> <maml:para>When opening a specific process choose whether to open its parent instead.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: OpenOwner --> 
<command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenOwner</maml:name> <maml:description> <maml:para>When opening a specific process choose whether to open its owner process (which is typically a console host) instead.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Name --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Name</maml:name> <maml:description> <maml:para>Specify an executable name to filter the list on.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CommandLine --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CommandLine</maml:name> <maml:description> <maml:para>Specify sub-string in the command line to filter the list on. 
If Name is also specified this will just select processes with that name with this sub-string.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: FilterScript --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FilterScript</maml:name> <maml:description> <maml:para>Specify an arbitrary filter script.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for each process opened.</maml:para> <maml:para>Possible values: None, CreateProcess, CreateThread, DupHandle, QueryInformation, QueryLimitedInformation, SetLimitedInformation, SetInformation, SetQuota, SuspendResume, Terminate, VmOperation, VmRead, VmWrite, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ProcessAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ProcessAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateProcess</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreateThread</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">DupHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetQuota</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmOperation</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">VmWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Current --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Current</maml:name> <maml:description> <maml:para>Open current process.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: FromSystem --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FromSystem</maml:name> <maml:description> <maml:para>When getting all processes only get the system information process list.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: NtProcess --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtProcess</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$ps = Get-NtProcess</dev:code> <dev:remarks> <maml:para>Get all NT processes accessible by the current user.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$p = Get-NtProcess -Current</dev:code> <dev:remarks> <maml:para>Get reference to current process.</maml:para> 
</dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$ps = Get-NtProcess -Access DupHandle</dev:code> <dev:remarks> <maml:para>Get all NT processes accessible by the current user for duplicate handle access.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$p = Get-NtProcess 1234</dev:code> <dev:remarks> <maml:para>Get a specific process</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$p = Get-NtProcess 1234 -Access QueryInformation $p.CommandLine</dev:code> <dev:remarks> <maml:para>Get a command line of a specific process.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>$p = Get-NtProcess 1234 -Access QueryInformation $p.FullPath</dev:code> <dev:remarks> <maml:para>Get a native image path of a specific process.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 7 ----------</maml:title> <dev:code>$p = Get-NtProcess $pid</dev:code> <dev:remarks> <maml:para>Get the current process by process ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 8 ----------</maml:title> <dev:code>$p = Get-NtProcess 1234 -OpenParent</dev:code> <dev:remarks> <maml:para>Get the parent of a specific process.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 9 ----------</maml:title> <dev:code>$ps = Get-NtProcess -Name notepad.exe</dev:code> <dev:remarks> <maml:para>Get all processes with the name notepad.exe.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 10 ----------</maml:title> <dev:code>$ps = Get-NtProcess -CommandLine hello</dev:code> <dev:remarks> <maml:para>Get all processes where the 
command line contains the string "hello".</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 11 ----------</maml:title> <dev:code>$ps = Get-NtProcess -Name notepad.exe -CommandLine hello</dev:code> <dev:remarks> <maml:para>Get all processes with the name notepad.exe where the command line contains the string "hello".</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 12 ----------</maml:title> <dev:code>$ps = Get-NtProcess -FilterScript { param($p); $p.SessionId -eq 1 }</dev:code> <dev:remarks> <maml:para>Get all processes in session 1.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 13 ----------</maml:title> <dev:code>$ps = Get-NtProcess -FilterScript { param($p); $p.Mitigations.DisallowWin32kSystemCalls -eq $true }</dev:code> <dev:remarks> <maml:para>Get all processes with the Disallow Win32k System Calls mitigation policy.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtSection --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtSection</command:name> <command:verb>Get</command:verb> <command:noun>NtSection</command:noun> <maml:description> <maml:para>Open an NT section object by path.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing NT section object. The absolute path to the object in the NT object manager name space must be specified. 
It's also possible to create the object relative to an existing object by specifying the -Root parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtSection</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: Query, MapWrite, MapRead, MapExecute, ExtendSize, MapExecuteExplicit, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">SectionAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SectionAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">ExtendSize</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">MapExecuteExplicit</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. 
Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: Query, MapWrite, MapRead, MapExecute, ExtendSize, MapExecuteExplicit, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">SectionAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SectionAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapRead</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">MapExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">ExtendSize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapExecuteExplicit</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" 
position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtSection --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtSection</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtSection \BaseNamedObjects\ABC</dev:code> <dev:remarks> <maml:para>Get a section object with an absolute path.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtSection --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtSection</command:name> <command:verb>New</command:verb> <command:noun>NtSection</command:noun> <maml:description> <maml:para>Create a new NT section object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new NT section object. The absolute path to the object in the NT object manager name space can be specified. 
It's also possible to create the object relative to an existing object by specifying the -Root parameter. If no path is specified then an unnamed object will be created which can only be duplicated by handle.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtSection</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: Query, MapWrite, MapRead, MapExecute, ExtendSize, MapExecuteExplicit, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">SectionAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SectionAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapExecute</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">ExtendSize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapExecuteExplicit</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. 
Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: File --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>File</maml:name> <maml:description> <maml:para>An existing file to use as backing for the section.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue 
required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Protection --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Protection</maml:name> <maml:description> <maml:para>Memory allocation protection flags.</maml:para> <maml:para>Possible values: None, NoAccess, ReadOnly, ReadWrite, WriteCopy, Execute, ExecuteRead, ExecuteWriteCopy, Guard, NoCache, WriteCombine</maml:para> </maml:description> <command:parameterValue required="true">MemoryAllocationProtect</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.MemoryAllocationProtect</maml:name> <maml:uri /> </dev:type> 
<dev:defaultValue>ReadWrite</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteCopy</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">ExecuteRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">ExecuteWriteCopy</command:parameterValue> <command:parameterValue required="false" variableLength="false">Guard</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCache</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteCombine</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SectionAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SectionAttributes</maml:name> <maml:description> <maml:para>Section attribute flags.</maml:para> <maml:para>Possible values: None, Based, NoChange, File, Image, ProtectedImage, Reserve, Commit, NoCache, WriteCombine, LargePages, ImageNoExecute</maml:para> </maml:description> <command:parameterValue required="true">SectionAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SectionAttributes</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Commit</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Based</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoChange</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Image</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectedImage</command:parameterValue> <command:parameterValue required="false" variableLength="false">Reserve</command:parameterValue> <command:parameterValue required="false" variableLength="false">Commit</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCache</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteCombine</command:parameterValue> <command:parameterValue required="false" variableLength="false">LargePages</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">ImageNoExecute</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Size --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Size</maml:name> <maml:description> <maml:para>An optional size for the section.</maml:para> </maml:description> <command:parameterValue required="true">LargeInteger</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.LargeInteger</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: File --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>File</maml:name> <maml:description> <maml:para>An existing file to use as backing for the section.</maml:para> </maml:description> <command:parameterValue required="true">NtFile</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtFile</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Size --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Size</maml:name> <maml:description> <maml:para>An optional size for the section.</maml:para> </maml:description> <command:parameterValue required="true">LargeInteger</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.LargeInteger</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Protection --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Protection</maml:name> <maml:description> <maml:para>Memory allocation protection flags.</maml:para> <maml:para>Possible values: None, NoAccess, ReadOnly, ReadWrite, WriteCopy, Execute, ExecuteRead, ExecuteWriteCopy, Guard, NoCache, WriteCombine</maml:para> </maml:description> <command:parameterValue required="true">MemoryAllocationProtect</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.MemoryAllocationProtect</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>ReadWrite</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" 
variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoAccess</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadOnly</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteCopy</command:parameterValue> <command:parameterValue required="false" variableLength="false">Execute</command:parameterValue> <command:parameterValue required="false" variableLength="false">ExecuteRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">ExecuteWriteCopy</command:parameterValue> <command:parameterValue required="false" variableLength="false">Guard</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCache</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteCombine</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SectionAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SectionAttributes</maml:name> <maml:description> <maml:para>Section attribute flags.</maml:para> <maml:para>Possible values: None, Based, NoChange, File, Image, ProtectedImage, Reserve, Commit, NoCache, WriteCombine, LargePages, ImageNoExecute</maml:para> </maml:description> <command:parameterValue required="true">SectionAttributes</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SectionAttributes</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Commit</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Based</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">NoChange</command:parameterValue> <command:parameterValue required="false" variableLength="false">File</command:parameterValue> <command:parameterValue required="false" variableLength="false">Image</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProtectedImage</command:parameterValue> <command:parameterValue required="false" variableLength="false">Reserve</command:parameterValue> <command:parameterValue required="false" variableLength="false">Commit</command:parameterValue> <command:parameterValue required="false" variableLength="false">NoCache</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteCombine</command:parameterValue> <command:parameterValue required="false" variableLength="false">LargePages</command:parameterValue> <command:parameterValue required="false" variableLength="false">ImageNoExecute</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: Query, MapWrite, MapRead, MapExecute, ExtendSize, MapExecuteExplicit, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">SectionAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SectionAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapWrite</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">MapRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">ExtendSize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MapExecuteExplicit</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- 
Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtSection --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtSection</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtSection -Size 4096</dev:code> <dev:remarks> <maml:para>Create a new anonymous section object of size 4096 bytes.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = New-NtSection \BaseNamedObjects\ABC -Size 4096</dev:code> <dev:remarks> <maml:para>Create a new section object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$file = Get-NtFile \??\C:\SomeFile $obj = New-NtSection -File $file -Protection ReadOnly</dev:code> <dev:remarks> <maml:para>Create a new section object backed by a file with read only protection.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$file = Get-NtFile \??\C:\Windows\notepad.exe $obj = New-NtSection -File $file -SectionAttributes Image -Protection ReadOnly</dev:code> <dev:remarks> <maml:para>Create a new image 
section object backed by an executable file.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtSecurityDescriptor --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtSecurityDescriptor</command:name> <command:verb>New</command:verb> <command:noun>NtSecurityDescriptor</command:noun> <maml:description> <maml:para>Create a new security descriptor which can be used on NT objects.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new instance of a SecurityDescriptor object. This can be used directly with one of the New-Nt* cmdlets (via the -SecurityDescriptor parameter) or by calling SetSecurityDescriptor on an existing object (assuming the object has been opened with the correct permissions).</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtSecurityDescriptor</maml:name> <!-- Parameter: NullDacl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>NullDacl</maml:name> <maml:description> <maml:para>Specify to create the security descriptor with a NULL DACL.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> 
<maml:para>Specify to create the security descriptor from an SDDL representation.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify to create the security descriptor from the default DACL of a token object.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: NullDacl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>NullDacl</maml:name> <maml:description> <maml:para>Specify to create the security descriptor with a NULL DACL.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Specify to create the security descriptor from an SDDL representation.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Token --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Token</maml:name> <maml:description> <maml:para>Specify to create the security descriptor 
from the default DACL of a token object.</maml:para> </maml:description> <command:parameterValue required="true">NtToken</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: SecurityDescriptor --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$sd = New-NtSecurityDescriptor</dev:code> <dev:remarks> <maml:para>Create a new security descriptor object.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$sd = New-NtSecurityDescriptor -Sddl "O:BAG:BAD:(A;;GA;;;WD)"</dev:code> <dev:remarks> <maml:para>Create a new security descriptor object from an SDDL string</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$sd = New-NtSecurityDescriptor -NullDacl</dev:code> <dev:remarks> <maml:para>Create a new security descriptor object with a NULL DACL.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$sd = New-NtSecurityDescriptor -Sddl "D:(A;;GA;;;WD)" $obj = New-NtDirectory \BaseNamedObjects\ABC -SecurityDescriptor $sd</dev:code> <dev:remarks> <maml:para>Create a new object directory with an explicit security descriptor.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-NtSemaphore --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> 
<command:name>Get-NtSemaphore</command:name> <command:verb>Get</command:verb> <command:noun>NtSemaphore</command:noun> <maml:description> <maml:para>Open a NT semaphore object by path.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing NT semaphore object (also known as a mutex). The absolute path to the object in the NT object manager name space must be specified. It's also possible to create the object relative to an existing object by specifying the -Root parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtSemaphore</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">SemaphoreAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SemaphoreAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue
required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. 
Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups.
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">SemaphoreAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SemaphoreAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list.
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtSemaphore --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtSemaphore</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtSemaphore \BaseNamedObjects\ABC</dev:code> <dev:remarks> <maml:para>Get a semaphore object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtDirectory \BaseNamedObjects $obj = Get-NtSemaphore ABC -Root $root</dev:code> <dev:remarks> <maml:para>Get a semaphore object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Get-NtSemaphore -Path \BaseNamedObjects\ABC $obj.Wait() # Do something in lock... 
$obj.Release()</dev:code> <dev:remarks> <maml:para>Get a semaphore object, acquire the lock via Wait and Release it.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtSemaphore --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>New-NtSemaphore</command:name> <command:verb>New</command:verb> <command:noun>NtSemaphore</command:noun> <maml:description> <maml:para>Create a new NT semaphore object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new NT semaphore object. The absolute path to the object in the NT object manager name space can be specified. It's also possible to create the object relative to an existing object by specifying the -Root parameter.
If no path is specified then an unnamed object will be created which can only be duplicated by handle.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtSemaphore</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">SemaphoreAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SemaphoreAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false"
variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: InitialCount --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>InitialCount</maml:name> <maml:description> <maml:para>Specify the initial count of the semaphore.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: MaximumCount --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaximumCount</maml:name> <maml:description> <maml:para>Specify the maximum count of the semaphore.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>1</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue>
<command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups.
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: InitialCount --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>InitialCount</maml:name> <maml:description> <maml:para>Specify the initial count of the semaphore.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: MaximumCount --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>MaximumCount</maml:name> <maml:description> <maml:para>Specify the maximum count of the semaphore.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>1</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: None, QueryState, ModifyState, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">SemaphoreAccessRights</command:parameterValue> <dev:type>
<maml:name>NtApiDotNet.SemaphoreAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryState</command:parameterValue> <command:parameterValue required="false" variableLength="false">ModifyState</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> 
<maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/named pipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtSemaphore --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtSemaphore</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtSemaphore</dev:code> <dev:remarks> <maml:para>Create a new anonymous semaphore object.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = New-NtSemaphore \BaseNamedObjects\ABC</dev:code> <dev:remarks> <maml:para>Create a new semaphore object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$root = Get-NtDirectory \BaseNamedObjects $obj = New-NtSemaphore ABC -Root $root</dev:code> <dev:remarks> <maml:para>Create a new semaphore object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$semaphore = New-NtSemaphore -MaximumCount 10</dev:code> <dev:remarks> <maml:para>Create a new anonymous semaphore object with a maximum count of 10.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 
5 ----------</maml:title> <dev:code>$semaphore = New-NtSemaphore -InitialCount 1</dev:code> <dev:remarks> <maml:para>Create a new anonymous semaphore object with the initial count set to 1.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>$obj = New-NtSemaphore -InitialCount 1 $semaphore.Wait(10) # Do something with the semaphore... $obj.Release(1)</dev:code> <dev:remarks> <maml:para>Create a new anonymous semaphore object with an initial count of 1, decrement the semaphore via Wait with a 10 second wait and Release it.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtSid --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtSid</command:name> <command:verb>Get</command:verb> <command:noun>NtSid</command:noun> <maml:description> <maml:para>Get a SID using various different mechanisms.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet will create a SID object based on one of many mechanisms. For example it can parse the SDDL representation of the SID, or it can look up the account name. 
It can also create a SID based on a service name or integrity level.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: sddl --> <command:syntaxItem> <maml:name>Get-NtSid</maml:name> <!-- Parameter: Sddl --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Specify a SID using an SDDL string.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: name --> <command:syntaxItem> <maml:name>Get-NtSid</maml:name> <!-- Parameter: Name --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Name</maml:name> <maml:description> <maml:para>Lookup a SID using an NT account name.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: service --> <command:syntaxItem> <maml:name>Get-NtSid</maml:name> <!-- Parameter: ServiceName --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>ServiceName</maml:name> <maml:description> <maml:para>Create a SID based on a service name.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: il --> <command:syntaxItem> <maml:name>Get-NtSid</maml:name> <!-- Parameter: IntegrityLevel --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>IntegrityLevel</maml:name> <maml:description> <maml:para>Create a SID based on the standard set of 
integrity levels.</maml:para> <maml:para>Possible values: Untrusted, Low, Medium, High, System</maml:para> </maml:description> <command:parameterValue required="true">TokenIntegrityLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenIntegrityLevel</maml:name> <maml:uri /> </dev:type> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Untrusted</command:parameterValue> <command:parameterValue required="false" variableLength="false">Low</command:parameterValue> <command:parameterValue required="false" variableLength="false">Medium</command:parameterValue> <command:parameterValue required="false" variableLength="false">High</command:parameterValue> <command:parameterValue required="false" variableLength="false">System</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> <!-- Parameter set: il_raw --> <command:syntaxItem> <maml:name>Get-NtSid</maml:name> <!-- Parameter: IntegrityLevelRaw --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>IntegrityLevelRaw</maml:name> <maml:description> <maml:para>Create a SID based on a raw integrity level.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: package --> <command:syntaxItem> <maml:name>Get-NtSid</maml:name> <!-- Parameter: PackageName --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>PackageName</maml:name> <maml:description> <maml:para>Create a SID from App Container package name.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: RestrictedPackageName --> 
<command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>RestrictedPackageName</maml:name> <maml:description> <maml:para>Specify an additional restricted name for the package SID.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> <!-- Parameter set: known --> <command:syntaxItem> <maml:name>Get-NtSid</maml:name> <!-- Parameter: KnownSid --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>KnownSid</maml:name> <maml:description> <maml:para>Get a known SID.</maml:para> <maml:para>Possible values: Null, World, Local, CreatorOwner, CreatorGroup, Service, Anonymous, AuthenticatedUsers, Restricted, LocalSystem, LocalService, NetworkService, AllApplicationPackages, AllRestrictedApplicationPackages, TrustedInstaller, BuiltinUsers, BuiltinAdministrators, CapabilityInternetClient, CapabilityInternetClientServer, CapabilityPrivateNetworkClientServer, CapabilityPicturesLibrary, CapabilityVideosLibrary, CapabilityMusicLibrary, CapabilityDocumentsLibrary, CapabilityEnterpriseAuthentication, CapabilitySharedUserCertificates, CapabilityRemovableStorage, CapabilityAppointments, CapabilityContacts, CapabilityInternetExplorer, CapabilityConstrainedImpersonation, OwnerRights, Self</maml:para> </maml:description> <command:parameterValue required="true">KnownSidValue</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KnownSidValue</maml:name> <maml:uri /> </dev:type> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Null</command:parameterValue> <command:parameterValue required="false" variableLength="false">World</command:parameterValue> <command:parameterValue required="false" variableLength="false">Local</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">CreatorOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreatorGroup</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">Anonymous</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuthenticatedUsers</command:parameterValue> <command:parameterValue required="false" variableLength="false">Restricted</command:parameterValue> <command:parameterValue required="false" variableLength="false">LocalSystem</command:parameterValue> <command:parameterValue required="false" variableLength="false">LocalService</command:parameterValue> <command:parameterValue required="false" variableLength="false">NetworkService</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllApplicationPackages</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllRestrictedApplicationPackages</command:parameterValue> <command:parameterValue required="false" variableLength="false">TrustedInstaller</command:parameterValue> <command:parameterValue required="false" variableLength="false">BuiltinUsers</command:parameterValue> <command:parameterValue required="false" variableLength="false">BuiltinAdministrators</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilityInternetClient</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilityInternetClientServer</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilityPrivateNetworkClientServer</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilityPicturesLibrary</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">CapabilityVideosLibrary</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilityMusicLibrary</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilityDocumentsLibrary</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilityEnterpriseAuthentication</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilitySharedUserCertificates</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilityRemovableStorage</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilityAppointments</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilityContacts</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilityInternetExplorer</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilityConstrainedImpersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">OwnerRights</command:parameterValue> <command:parameterValue required="false" variableLength="false">Self</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> <!-- Parameter set: token --> <command:syntaxItem> <maml:name>Get-NtSid</maml:name> <!-- Parameter: Token --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Token</maml:name> <maml:description> <maml:para>Get the SID from the current user token. 
Defaults to the user SID.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AppContainer --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AppContainer</maml:name> <maml:description> <maml:para>Get the SID for the current package (if an App Container token).</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Label --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Label</maml:name> <maml:description> <maml:para>Get the SID for the current integrity level.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: LogonGroup --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>LogonGroup</maml:name> <maml:description> <maml:para>Get the SID for the current login group.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Owner --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> 
<maml:name>Owner</maml:name> <maml:description> <maml:para>Get the SID for the current default owner.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: PrimaryGroup --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PrimaryGroup</maml:name> <maml:description> <maml:para>Get the SID for the current default group.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: cap --> <command:syntaxItem> <maml:name>Get-NtSid</maml:name> <!-- Parameter: CapabilityName --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>CapabilityName</maml:name> <maml:description> <maml:para>Create a SID from App Container capability name.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CapabilityGroup --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CapabilityGroup</maml:name> <maml:description> <maml:para>Returns the group capability SID rather than normal capability SID.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> 
</command:syntaxItem> <!-- Parameter set: sid --> <command:syntaxItem> <maml:name>Get-NtSid</maml:name> <!-- Parameter: RelativeIdentifiers --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>RelativeIdentifiers</maml:name> <maml:description> <maml:para>Specify the relative identifiers.</maml:para> </maml:description> <command:parameterValue required="true">uint[]</command:parameterValue> <dev:type> <maml:name>System.UInt32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityAuthority --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityAuthority</maml:name> <maml:description> <maml:para>Specify a SID's security authority.</maml:para> <maml:para>Possible values: Null, World, Local, Creator, NonUnique, Nt, ResourceManager, Package, Label, ScopedPolicyId, Authentication, ProcessTrust</maml:para> </maml:description> <command:parameterValue required="true">SecurityAuthority</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityAuthority</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Null</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Null</command:parameterValue> <command:parameterValue required="false" variableLength="false">World</command:parameterValue> <command:parameterValue required="false" variableLength="false">Local</command:parameterValue> <command:parameterValue required="false" variableLength="false">Creator</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonUnique</command:parameterValue> <command:parameterValue required="false" variableLength="false">Nt</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Package</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">Label</command:parameterValue> <command:parameterValue required="false" variableLength="false">ScopedPolicyId</command:parameterValue> <command:parameterValue required="false" variableLength="false">Authentication</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProcessTrust</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Sddl --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Specify a SID using an SDDL string.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Name --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Name</maml:name> <maml:description> <maml:para>Lookup a SID using an NT account name.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ServiceName --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>ServiceName</maml:name> <maml:description> <maml:para>Create a SID based on a service name.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: IntegrityLevel --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>IntegrityLevel</maml:name> <maml:description> <maml:para>Create a SID based on the standard set of 
integrity levels.</maml:para> <maml:para>Possible values: Untrusted, Low, Medium, High, System</maml:para> </maml:description> <command:parameterValue required="true">TokenIntegrityLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenIntegrityLevel</maml:name> <maml:uri /> </dev:type> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Untrusted</command:parameterValue> <command:parameterValue required="false" variableLength="false">Low</command:parameterValue> <command:parameterValue required="false" variableLength="false">Medium</command:parameterValue> <command:parameterValue required="false" variableLength="false">High</command:parameterValue> <command:parameterValue required="false" variableLength="false">System</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: IntegrityLevelRaw --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>IntegrityLevelRaw</maml:name> <maml:description> <maml:para>Create a SID based on a raw integrity level.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: PackageName --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>PackageName</maml:name> <maml:description> <maml:para>Create a SID from App Container package name.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: RestrictedPackageName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>RestrictedPackageName</maml:name> <maml:description> <maml:para>Specify an additional restricted name for the 
package SID.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: KnownSid --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>KnownSid</maml:name> <maml:description> <maml:para>Get a known SID.</maml:para> <maml:para>Possible values: Null, World, Local, CreatorOwner, CreatorGroup, Service, Anonymous, AuthenticatedUsers, Restricted, LocalSystem, LocalService, NetworkService, AllApplicationPackages, AllRestrictedApplicationPackages, TrustedInstaller, BuiltinUsers, BuiltinAdministrators, CapabilityInternetClient, CapabilityInternetClientServer, CapabilityPrivateNetworkClientServer, CapabilityPicturesLibrary, CapabilityVideosLibrary, CapabilityMusicLibrary, CapabilityDocumentsLibrary, CapabilityEnterpriseAuthentication, CapabilitySharedUserCertificates, CapabilityRemovableStorage, CapabilityAppointments, CapabilityContacts, CapabilityInternetExplorer, CapabilityConstrainedImpersonation, OwnerRights, Self</maml:para> </maml:description> <command:parameterValue required="true">KnownSidValue</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.KnownSidValue</maml:name> <maml:uri /> </dev:type> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Null</command:parameterValue> <command:parameterValue required="false" variableLength="false">World</command:parameterValue> <command:parameterValue required="false" variableLength="false">Local</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreatorOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">CreatorGroup</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Anonymous</command:parameterValue> <command:parameterValue required="false" variableLength="false">AuthenticatedUsers</command:parameterValue> <command:parameterValue required="false" variableLength="false">Restricted</command:parameterValue> <command:parameterValue required="false" variableLength="false">LocalSystem</command:parameterValue> <command:parameterValue required="false" variableLength="false">LocalService</command:parameterValue> <command:parameterValue required="false" variableLength="false">NetworkService</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllApplicationPackages</command:parameterValue> <command:parameterValue required="false" variableLength="false">AllRestrictedApplicationPackages</command:parameterValue> <command:parameterValue required="false" variableLength="false">TrustedInstaller</command:parameterValue> <command:parameterValue required="false" variableLength="false">BuiltinUsers</command:parameterValue> <command:parameterValue required="false" variableLength="false">BuiltinAdministrators</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilityInternetClient</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilityInternetClientServer</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilityPrivateNetworkClientServer</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilityPicturesLibrary</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilityVideosLibrary</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilityMusicLibrary</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilityDocumentsLibrary</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">CapabilityEnterpriseAuthentication</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilitySharedUserCertificates</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilityRemovableStorage</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilityAppointments</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilityContacts</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilityInternetExplorer</command:parameterValue> <command:parameterValue required="false" variableLength="false">CapabilityConstrainedImpersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">OwnerRights</command:parameterValue> <command:parameterValue required="false" variableLength="false">Self</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Token --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Token</maml:name> <maml:description> <maml:para>Get the SID from the current user token. 
Defaults to the user SID.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Owner --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Owner</maml:name> <maml:description> <maml:para>Get the SID for the current default owner.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: PrimaryGroup --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PrimaryGroup</maml:name> <maml:description> <maml:para>Get the SID for the current default group.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: LogonGroup --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>LogonGroup</maml:name> <maml:description> <maml:para>Get the SID for the current login group.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: AppContainer --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>AppContainer</maml:name> 
<maml:description> <maml:para>Get the SID for the current package (if an App Container token).</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Label --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Label</maml:name> <maml:description> <maml:para>Get the SID for the current integrity level.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CapabilityName --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>CapabilityName</maml:name> <maml:description> <maml:para>Create a SID from App Container capability name.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CapabilityGroup --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CapabilityGroup</maml:name> <maml:description> <maml:para>Returns the group capability SID rather than normal capability SID.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: SecurityAuthority --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> 
<maml:name>SecurityAuthority</maml:name> <maml:description> <maml:para>Specify a SID's security authority.</maml:para> <maml:para>Possible values: Null, World, Local, Creator, NonUnique, Nt, ResourceManager, Package, Label, ScopedPolicyId, Authentication, ProcessTrust</maml:para> </maml:description> <command:parameterValue required="true">SecurityAuthority</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityAuthority</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Null</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Null</command:parameterValue> <command:parameterValue required="false" variableLength="false">World</command:parameterValue> <command:parameterValue required="false" variableLength="false">Local</command:parameterValue> <command:parameterValue required="false" variableLength="false">Creator</command:parameterValue> <command:parameterValue required="false" variableLength="false">NonUnique</command:parameterValue> <command:parameterValue required="false" variableLength="false">Nt</command:parameterValue> <command:parameterValue required="false" variableLength="false">ResourceManager</command:parameterValue> <command:parameterValue required="false" variableLength="false">Package</command:parameterValue> <command:parameterValue required="false" variableLength="false">Label</command:parameterValue> <command:parameterValue required="false" variableLength="false">ScopedPolicyId</command:parameterValue> <command:parameterValue required="false" variableLength="false">Authentication</command:parameterValue> <command:parameterValue required="false" variableLength="false">ProcessTrust</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: RelativeIdentifiers --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>RelativeIdentifiers</maml:name> <maml:description> <maml:para>Specify the 
relative identifiers.</maml:para> </maml:description> <command:parameterValue required="true">uint[]</command:parameterValue> <dev:type> <maml:name>System.UInt32[]</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-NtSid BA</dev:code> <dev:remarks> <maml:para>Gets the Sid for the builtin administrators group based on the SDDL form.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-NtSid S-1-2-3-4-5</dev:code> <dev:remarks> <maml:para>Gets the Sid S-1-2-3-4-5 from its SDDL form.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-NtSid -Name domain\user</dev:code> <dev:remarks> <maml:para>Gets the Sid for the username 'user' in domain 'domain'.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>Get-NtSid -Name BUILTIN\Administrators</dev:code> <dev:remarks> <maml:para>Gets the Sid for the builtin administrators group.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>Get-NtSid -ServiceName service</dev:code> <dev:remarks> <maml:para>Gets the Sid for service name 'service'.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>Get-NtSid -IntegrityLevel Low</dev:code> <dev:remarks> <maml:para>Gets the Sid for the Low integrity level.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 7 ----------</maml:title> <dev:code>Get-NtSid -IntegrityLevelRaw 1234</dev:code> <dev:remarks> <maml:para>Gets the Sid for the arbitrary integrity level 
1234.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 8 ----------</maml:title> <dev:code>Get-NtSid -PackageName some.package.name</dev:code> <dev:remarks> <maml:para>Gets the Sid for App Container package name 'some.package.name'.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 9 ----------</maml:title> <dev:code>Get-NtSid -PackageName some.package.name -RestrictedPackageName restricted</dev:code> <dev:remarks> <maml:para>Gets the Sid for App Container package name 'some.package.name' with the restricted name 'restricted'</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 10 ----------</maml:title> <dev:code>Get-NtSid -KnownSid BuiltinAdministrators</dev:code> <dev:remarks> <maml:para>Gets the Sid for the builtin administrators group.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 11 ----------</maml:title> <dev:code>Get-NtSid -Token</dev:code> <dev:remarks> <maml:para>Gets the Sid for the current user.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 12 ----------</maml:title> <dev:code>Get-NtSid -Token -LogonGroup</dev:code> <dev:remarks> <maml:para>Gets the Sid for the current default logon group.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 13 ----------</maml:title> <dev:code>Get-NtSid -CapabilityName internetClient</dev:code> <dev:remarks> <maml:para>Gets the capability Sid for the internetClient capability.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 14 ----------</maml:title> <dev:code>Get-NtSid -CapabilityName internetClient -CapabilityGroup</dev:code> <dev:remarks> <maml:para>Gets the capability group Sid for the internetClient capability.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: 
Get-NtStatus --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtStatus</command:name> <command:verb>Get</command:verb> <command:noun>NtStatus</command:noun> <maml:description> <maml:para>Get known information about an NTSTATUS code.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet looks up an NTSTATUS code and if possible prints the enumeration name, the message description and the corresponding win32 error.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtStatus</maml:name> <!-- Parameter: Status --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Status</maml:name> <maml:description> <maml:para>Specify a NTSTATUS code to retrieve.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Status --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Status</maml:name> <maml:description> <maml:para>Specify a NTSTATUS code to retrieve.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-NtStatus</dev:code> <dev:remarks> <maml:para>Gets all known NTSTATUS codes defined in this library.</maml:para> </dev:remarks> </command:example> 
<command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-NtStatus -Status 0xc0000022</dev:code> <dev:remarks> <maml:para>Gets information about a specific status code.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Get-NtSymbolicLink --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtSymbolicLink</command:name> <command:verb>Get</command:verb> <command:noun>NtSymbolicLink</command:noun> <maml:description> <maml:para>Open an existing NT symbolic link object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing NT symbolic link object. The absolute path to the object in the NT object manager name space can be specified. It's also possible to open the object relative to an existing object by specifying the -Root parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtSymbolicLink</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: Query, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, 
ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">SymbolicLinkAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SymbolicLinkAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. 
Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: Query, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">SymbolicLinkAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SymbolicLinkAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtSymbolicLink \DosDevices\ABC</dev:code> <dev:remarks> <maml:para>Open a symbolic link object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtDirectory \DosDevices $obj = Get-NtSymbolicLink ABC -Root $root</dev:code> <dev:remarks> <maml:para>Open a symbolic link object with a relative path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Get-NtSymbolicLink \DosDevices\ABC $obj.Query()</dev:code> <dev:remarks> <maml:para>Open a symbolic link object and query its target.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: New-NtSymbolicLink --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> 
<command:name>New-NtSymbolicLink</command:name> <command:verb>New</command:verb> <command:noun>NtSymbolicLink</command:noun> <maml:description> <maml:para>Create a new NT symbolic link object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet creates a new NT symbolic link object. The absolute path to the object in the NT object manager name space can be specified. It's also possible to create the object relative to an existing object by specifying the -Root parameter. If no path is specified then an unnamed object will be created which can only be duplicated by handle.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>New-NtSymbolicLink</maml:name> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: TargetPath --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>TargetPath</maml:name> <maml:description> <maml:para>Specify the target NT object manager path to follow if processing this symbolic link.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: Query, GenericRead, GenericWrite, 
GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">SymbolicLinkAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SymbolicLinkAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. 
Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: TargetPath --> <command:parameter required="true" globbing="false" pipelineInput="false" position="1"> <maml:name>TargetPath</maml:name> <maml:description> <maml:para>Specify the target NT object manager path to follow if processing this symbolic link.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify the access rights for a new handle when creating/opening an object.</maml:para> <maml:para>Possible values: Query, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed</maml:para> </maml:description> <command:parameterValue required="true">SymbolicLinkAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SymbolicLinkAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = New-NtSymbolicLink -TargetPath \Symlink\Target</dev:code> <dev:remarks> <maml:para>Create a new anonymous symbolic link object.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = New-NtSymbolicLink \DosDevices\ABC \Symlink\Target</dev:code> <dev:remarks> <maml:para>Create a new symbolic link object with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$root = Get-NtDirectory \DosDevices $obj = New-NtSymbolicLink ABC \Symlink\Target -Root $root</dev:code> <dev:remarks> <maml:para>Create a new symbolic link object with a relative path.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtSymbolicLinkTarget --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> 
<command:details> <command:name>Get-NtSymbolicLinkTarget</command:name> <command:verb>Get</command:verb> <command:noun>NtSymbolicLinkTarget</command:noun> <maml:description> <maml:para>Get the target path for an existing NT symbolic link object.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet opens an existing NT symbolic link object and queries its target path. That can be done using Get-NtSymbolicLink and the Query method but this simplifies the operation so that the object handle doesn't have to be closed.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtSymbolicLinkTarget</maml:name> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. 
Will return the created directories as well as the object in the output. The new object will be the first entry in the list. This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/namedpipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Path --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0"> <maml:name>Path</maml:name> <maml:description> <maml:para>The NT object manager path to the object to use.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Root --> <command:parameter required="false" globbing="false" pipelineInput="true (ByValue)" position="named"> <maml:name>Root</maml:name> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> <command:parameterValue required="true">NtObject</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Win32Path --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Win32Path</maml:name> <maml:description> <maml:para>Use a Win32 path for lookups. 
For NT objects this means relative to BNO, for files means a DOS style path.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ObjectAttributes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ObjectAttributes</maml:name> <maml:description> <maml:para>Object Attribute flags used during Open/Create calls.</maml:para> <maml:para>Possible values: None, Inherit, Permanent, Exclusive, CaseInsensitive, OpenIf, OpenLink, KernelHandle, ForceAccessCheck, IgnoreImpersonatedDevicemap, DontReparse</maml:para> </maml:description> <command:parameterValue required="true">AttributeFlags</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.AttributeFlags</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>CaseInsensitive</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">None</command:parameterValue> <command:parameterValue required="false" variableLength="false">Inherit</command:parameterValue> <command:parameterValue required="false" variableLength="false">Permanent</command:parameterValue> <command:parameterValue required="false" variableLength="false">Exclusive</command:parameterValue> <command:parameterValue required="false" variableLength="false">CaseInsensitive</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenIf</command:parameterValue> <command:parameterValue required="false" variableLength="false">OpenLink</command:parameterValue> <command:parameterValue required="false" variableLength="false">KernelHandle</command:parameterValue> <command:parameterValue required="false" variableLength="false">ForceAccessCheck</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">IgnoreImpersonatedDevicemap</command:parameterValue> <command:parameterValue required="false" variableLength="false">DontReparse</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: SecurityDescriptor --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityDescriptor</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object.</maml:para> </maml:description> <command:parameterValue required="true">SecurityDescriptor</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityDescriptor</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Sddl --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Sddl</maml:name> <maml:description> <maml:para>Set to provide an explicit security descriptor to a newly created object in SDDL format. 
Overrides SecurityDescriptor.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: SecurityQualityOfService --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>SecurityQualityOfService</maml:name> <maml:description> <maml:para>Set to provide an explicit security quality of service when opening files/named pipes.</maml:para> </maml:description> <command:parameterValue required="true">SecurityQualityOfService</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityQualityOfService</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CloseRoot --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CloseRoot</maml:name> <maml:description> <maml:para>Automatically close the Root object when this cmdlet finishes processing. Useful for pipelines.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: CreateDirectories --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CreateDirectories</maml:name> <maml:description> <maml:para>Create any necessary NtDirectory objects to create the required object. Will return the created directories as well as the object in the output. The new object will be the first entry in the list. 
This doesn't work when opening an object or creating keys/files.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>An existing open NT object to use when Path is relative.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues /> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-NtSymbolicLinkTarget \DosDevices\ABC</dev:code> <dev:remarks> <maml:para>Gets the symbolic link object target with an absolute path.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$root = Get-NtDirectory \DosDevices Get-NtSymbolicLinkTarget ABC -Root $root</dev:code> <dev:remarks> <maml:para>Gets the symbolic link object target with a relative path.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtThread --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtThread</command:name> <command:verb>Get</command:verb> <command:noun>NtThread</command:noun> <maml:description> <maml:para>Get NT threads.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet gets all accessible threads on the system. 
You can specify a specific thread by setting the -ThreadId parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: tid --> <command:syntaxItem> <maml:name>Get-NtThread</maml:name> <!-- Parameter: ThreadId --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0" aliases="tid"> <maml:name>ThreadId</maml:name> <maml:description> <maml:para>Specify a thread ID to open.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for each thread opened.</maml:para> <maml:para>Possible values: Terminate, SuspendResume, Alert, GetContext, SetContext, SetInformation, QueryInformation, SetThreadToken, Impersonate, DirectImpersonation, SetLimitedInformation, QueryLimitedInformation, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ThreadAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ThreadAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Alert</command:parameterValue> <command:parameterValue required="false" variableLength="false">GetContext</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">SetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetThreadToken</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectImpersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> 
<!-- Parameter set: pid --> <command:syntaxItem> <maml:name>Get-NtThread</maml:name> <!-- Parameter: ProcessId --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named" aliases="pid"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a process ID to enumerate only its threads.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for each thread opened.</maml:para> <maml:para>Possible values: Terminate, SuspendResume, Alert, GetContext, SetContext, SetInformation, QueryInformation, SetThreadToken, Impersonate, DirectImpersonation, SetLimitedInformation, QueryLimitedInformation, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ThreadAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ThreadAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Alert</command:parameterValue> <command:parameterValue required="false" variableLength="false">GetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetContext</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetThreadToken</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectImpersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> <!-- Parameter set: current --> <command:syntaxItem> <maml:name>Get-NtThread</maml:name> <!-- 
Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for each thread opened.</maml:para> <maml:para>Possible values: Terminate, SuspendResume, Alert, GetContext, SetContext, SetInformation, QueryInformation, SetThreadToken, Impersonate, DirectImpersonation, SetLimitedInformation, QueryLimitedInformation, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ThreadAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ThreadAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Alert</command:parameterValue> <command:parameterValue required="false" variableLength="false">GetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetThreadToken</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectImpersonation</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Current --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Current</maml:name> <maml:description> <maml:para>Get the current thread.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: PseudoHandle --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> 
<maml:name>PseudoHandle</maml:name> <maml:description> <maml:para>When getting the current thread return pseudo handle. This handle doesn't need to be closed but changes identity if used in a different thread.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> <!-- Parameter set: all --> <command:syntaxItem> <maml:name>Get-NtThread</maml:name> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for each thread opened.</maml:para> <maml:para>Possible values: Terminate, SuspendResume, Alert, GetContext, SetContext, SetInformation, QueryInformation, SetThreadToken, Impersonate, DirectImpersonation, SetLimitedInformation, QueryLimitedInformation, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ThreadAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ThreadAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" variableLength="false">Alert</command:parameterValue> <command:parameterValue required="false" variableLength="false">GetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetContext</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetThreadToken</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectImpersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: FilterScript --> <command:parameter required="false" 
globbing="false" pipelineInput="false" position="named"> <maml:name>FilterScript</maml:name> <maml:description> <maml:para>Specify an arbitrary filter script.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: FromSystem --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FromSystem</maml:name> <maml:description> <maml:para>When getting all threads only get the system information thread list.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: ThreadId --> <command:parameter required="true" globbing="false" pipelineInput="false" position="0" aliases="tid"> <maml:name>ThreadId</maml:name> <maml:description> <maml:para>Specify a thread ID to open.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <command:parameter required="true" globbing="false" pipelineInput="false" position="0" aliases="tid"> <maml:name>tid</maml:name> <maml:description> <maml:para>Specify a thread ID to open.</maml:para> <maml:para>This is an alias of the ThreadId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="true" 
globbing="false" pipelineInput="false" position="named" aliases="pid"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify a process ID to enumerate only its threads.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <command:parameter required="true" globbing="false" pipelineInput="false" position="named" aliases="pid"> <maml:name>pid</maml:name> <maml:description> <maml:para>Specify a process ID to enumerate only its threads.</maml:para> <maml:para>This is an alias of the ProcessId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>-1</dev:defaultValue> </command:parameter> <!-- Parameter: Current --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Current</maml:name> <maml:description> <maml:para>Get the current thread.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: PseudoHandle --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>PseudoHandle</maml:name> <maml:description> <maml:para>When getting the current thread return pseudo handle. 
This handle doesn't need to be closed but changes identity if used in a different thread.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: FilterScript --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FilterScript</maml:name> <maml:description> <maml:para>Specify an arbitrary filter script.</maml:para> </maml:description> <command:parameterValue required="true">ScriptBlock</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.ScriptBlock</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for each thread opened.</maml:para> <maml:para>Possible values: Terminate, SuspendResume, Alert, GetContext, SetContext, SetInformation, QueryInformation, SetThreadToken, Impersonate, DirectImpersonation, SetLimitedInformation, QueryLimitedInformation, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">ThreadAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.ThreadAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Terminate</command:parameterValue> <command:parameterValue required="false" variableLength="false">SuspendResume</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Alert</command:parameterValue> <command:parameterValue required="false" variableLength="false">GetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetContext</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetThreadToken</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">DirectImpersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">SetLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">QueryLimitedInformation</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: FromSystem --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>FromSystem</maml:name> <maml:description> <maml:para>When getting all threads only get the system information thread list.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: NtThread --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtThread</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$ts = Get-NtThread</dev:code> <dev:remarks> <maml:para>Get all NT threads accessible by the current user.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$ts = Get-NtThread -Access Impersonate</dev:code> <dev:remarks> <maml:para>Get all NT threads accessible by the current user for impersonate access.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$t = Get-NtThread 1234</dev:code> <dev:remarks> <maml:para>Get a specific thread.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$t = Get-NtThread -ProcessId 1234</dev:code> <dev:remarks> <maml:para>Get threads for a specific process.</maml:para> </dev:remarks> </command:example> 
<command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$ts = Get-NtThread -Current</dev:code> <dev:remarks> <maml:para>Get the current NT thread.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>$ts = Get-NtThread -FilterScript { param($t); Use-NtObject($k = $t.OpenToken()) { $k -ne $null } }</dev:code> <dev:remarks> <maml:para>Get threads which have impersonation tokens set.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtToken --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtToken</command:name> <command:verb>Get</command:verb> <command:noun>NtToken</command:noun> <maml:description> <maml:para>Open an NT token from different sources.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet gets a token from one of multiple possible sources. 
You can specify either a Primary process token, a Thread impersonation token, an Effective token, a Clipboard token, a Logon/S4U token, or the anonymous token.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: Primary --> <command:syntaxItem> <maml:name>Get-NtToken</maml:name> <!-- Parameter: Primary --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Primary</maml:name> <maml:description> <maml:para>Get the primary token for a process.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for the token.</maml:para> <maml:para>Possible values: AssignPrimary, Duplicate, Impersonate, Query, QuerySource, AdjustPrivileges, AdjustGroups, AdjustDefault, AdjustSessionId, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">TokenAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">AssignPrimary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Duplicate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">QuerySource</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustPrivileges</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustGroups</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustDefault</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustSessionId</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Duplicate --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Duplicate</maml:name> <maml:description> <maml:para>Return a duplicated version of the token. 
The type of token is specified using -TokenType and -ImpersonationLevel.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ImpersonationLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ImpersonationLevel</maml:name> <maml:description> <maml:para>Specify the impersonation level of the token to create if -Duplicate is specified and TokenType is Impersonation.</maml:para> <maml:para>Possible values: Anonymous, Identification, Impersonation, Delegation</maml:para> </maml:description> <command:parameterValue required="true">SecurityImpersonationLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityImpersonationLevel</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Anonymous</command:parameterValue> <command:parameterValue required="false" variableLength="false">Identification</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delegation</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: IntegrityLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>IntegrityLevel</maml:name> <maml:description> <maml:para>Specify the integrity level of the token to create if -Duplicate is specified.</maml:para> <maml:para>Possible values: Untrusted, Low, Medium, High, System</maml:para> </maml:description> <command:parameterValue required="true">TokenIntegrityLevel</command:parameterValue> <dev:type> 
<maml:name>NtApiDotNet.TokenIntegrityLevel</maml:name> <maml:uri /> </dev:type> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Untrusted</command:parameterValue> <command:parameterValue required="false" variableLength="false">Low</command:parameterValue> <command:parameterValue required="false" variableLength="false">Medium</command:parameterValue> <command:parameterValue required="false" variableLength="false">High</command:parameterValue> <command:parameterValue required="false" variableLength="false">System</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify the process to open the token from. If not set will use the current process.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="pid"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify the process to open the token from as a PID. 
Overridden by the Process parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: TokenType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TokenType</maml:name> <maml:description> <maml:para>Specify the type of token to create if -Duplicate is specified.</maml:para> <maml:para>Possible values: Primary, Impersonation</maml:para> </maml:description> <command:parameterValue required="true">TokenType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Primary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> <!-- Parameter set: Impersonation --> <command:syntaxItem> <maml:name>Get-NtToken</maml:name> <!-- Parameter: Impersonation --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Impersonation</maml:name> <maml:description> <maml:para>Get an impersonation token for a thread.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for the token.</maml:para> <maml:para>Possible values: AssignPrimary, Duplicate, Impersonate, Query, 
QuerySource, AdjustPrivileges, AdjustGroups, AdjustDefault, AdjustSessionId, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">TokenAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">AssignPrimary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Duplicate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">QuerySource</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustPrivileges</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustGroups</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustDefault</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustSessionId</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Duplicate --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Duplicate</maml:name> <maml:description> <maml:para>Return a duplicated version of the token. The type of token is specified using -TokenType and -ImpersonationLevel</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ImpersonationLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ImpersonationLevel</maml:name> <maml:description> <maml:para>Specify the impersonation level of the token to create if -Duplicate is specified and TokenType is Impersonation.</maml:para> <maml:para>Possible values: Anonymous, Identification, Impersonation, Delegation</maml:para> </maml:description> <command:parameterValue required="true">SecurityImpersonationLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityImpersonationLevel</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" 
variableLength="false">Anonymous</command:parameterValue> <command:parameterValue required="false" variableLength="false">Identification</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delegation</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: IntegrityLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>IntegrityLevel</maml:name> <maml:description> <maml:para>Specify the integrity level of the token to create if -Duplicate is specified.</maml:para> <maml:para>Possible values: Untrusted, Low, Medium, High, System</maml:para> </maml:description> <command:parameterValue required="true">TokenIntegrityLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenIntegrityLevel</maml:name> <maml:uri /> </dev:type> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Untrusted</command:parameterValue> <command:parameterValue required="false" variableLength="false">Low</command:parameterValue> <command:parameterValue required="false" variableLength="false">Medium</command:parameterValue> <command:parameterValue required="false" variableLength="false">High</command:parameterValue> <command:parameterValue required="false" variableLength="false">System</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: OpenAsSelf --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenAsSelf</maml:name> <maml:description> <maml:para>Specify that the token should be opened using the process identity rather than the impersonated identity.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> 
<maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Thread --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Thread</maml:name> <maml:description> <maml:para>Specify the thread to open the token from. If not set will use the current thread.</maml:para> </maml:description> <command:parameterValue required="true">NtThread</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtThread</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ThreadId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="tid"> <maml:name>ThreadId</maml:name> <maml:description> <maml:para>Specify the thread to open the token from by ID.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: TokenType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TokenType</maml:name> <maml:description> <maml:para>Specify the type of token to create if -Duplicate is specified.</maml:para> <maml:para>Possible values: Primary, Impersonation</maml:para> </maml:description> <command:parameterValue required="true">TokenType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Primary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> <!-- Parameter set: Effective --> <command:syntaxItem> 
<maml:name>Get-NtToken</maml:name> <!-- Parameter: Effective --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Effective</maml:name> <maml:description> <maml:para>If thread impersonation token doesn't exist then get the primary token for the associated process. This is getting the "effective" token for the thread.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for the token.</maml:para> <maml:para>Possible values: AssignPrimary, Duplicate, Impersonate, Query, QuerySource, AdjustPrivileges, AdjustGroups, AdjustDefault, AdjustSessionId, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">TokenAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">AssignPrimary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Duplicate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">QuerySource</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">AdjustPrivileges</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustGroups</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustDefault</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustSessionId</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Duplicate --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Duplicate</maml:name> <maml:description> <maml:para>Return a duplicated version of the token. 
The type of token is specified using -TokenType and -ImpersonationLevel.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ImpersonationLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ImpersonationLevel</maml:name> <maml:description> <maml:para>Specify the impersonation level of the token to create if -Duplicate is specified and TokenType is Impersonation.</maml:para> <maml:para>Possible values: Anonymous, Identification, Impersonation, Delegation</maml:para> </maml:description> <command:parameterValue required="true">SecurityImpersonationLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityImpersonationLevel</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Anonymous</command:parameterValue> <command:parameterValue required="false" variableLength="false">Identification</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delegation</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: IntegrityLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>IntegrityLevel</maml:name> <maml:description> <maml:para>Specify the integrity level of the token to create if -Duplicate is specified.</maml:para> <maml:para>Possible values: Untrusted, Low, Medium, High, System</maml:para> </maml:description> <command:parameterValue required="true">TokenIntegrityLevel</command:parameterValue> <dev:type> 
<maml:name>NtApiDotNet.TokenIntegrityLevel</maml:name> <maml:uri /> </dev:type> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Untrusted</command:parameterValue> <command:parameterValue required="false" variableLength="false">Low</command:parameterValue> <command:parameterValue required="false" variableLength="false">Medium</command:parameterValue> <command:parameterValue required="false" variableLength="false">High</command:parameterValue> <command:parameterValue required="false" variableLength="false">System</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: OpenAsSelf --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenAsSelf</maml:name> <maml:description> <maml:para>Specify that the token should be opened using the process identity rather than the impersonated identity.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Thread --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Thread</maml:name> <maml:description> <maml:para>Specify the thread to open the token from. 
If not set will use the current thread.</maml:para> </maml:description> <command:parameterValue required="true">NtThread</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtThread</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ThreadId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="tid"> <maml:name>ThreadId</maml:name> <maml:description> <maml:para>Specify the thread to open the token from by ID.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: TokenType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TokenType</maml:name> <maml:description> <maml:para>Specify the type of token to create if -Duplicate is specified.</maml:para> <maml:para>Possible values: Primary, Impersonation</maml:para> </maml:description> <command:parameterValue required="true">TokenType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Primary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> <!-- Parameter set: Clipboard --> <command:syntaxItem> <maml:name>Get-NtToken</maml:name> <!-- Parameter: Clipboard --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Clipboard</maml:name> <maml:description> <maml:para>Get the current clipboard token.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> 
<maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for the token.</maml:para> <maml:para>Possible values: AssignPrimary, Duplicate, Impersonate, Query, QuerySource, AdjustPrivileges, AdjustGroups, AdjustDefault, AdjustSessionId, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">TokenAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">AssignPrimary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Duplicate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">QuerySource</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustPrivileges</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustGroups</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustDefault</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustSessionId</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Duplicate --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Duplicate</maml:name> <maml:description> <maml:para>Return a duplicated version of the token. 
The type of token is specified using -TokenType and -ImpersonationLevel.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ImpersonationLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ImpersonationLevel</maml:name> <maml:description> <maml:para>Specify the impersonation level of the token to create if -Duplicate is specified and TokenType is Impersonation.</maml:para> <maml:para>Possible values: Anonymous, Identification, Impersonation, Delegation</maml:para> </maml:description> <command:parameterValue required="true">SecurityImpersonationLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityImpersonationLevel</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Anonymous</command:parameterValue> <command:parameterValue required="false" variableLength="false">Identification</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delegation</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: IntegrityLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>IntegrityLevel</maml:name> <maml:description> <maml:para>Specify the integrity level of the token to create if -Duplicate is specified.</maml:para> <maml:para>Possible values: Untrusted, Low, Medium, High, System</maml:para> </maml:description> <command:parameterValue required="true">TokenIntegrityLevel</command:parameterValue> <dev:type> 
<maml:name>NtApiDotNet.TokenIntegrityLevel</maml:name> <maml:uri /> </dev:type> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Untrusted</command:parameterValue> <command:parameterValue required="false" variableLength="false">Low</command:parameterValue> <command:parameterValue required="false" variableLength="false">Medium</command:parameterValue> <command:parameterValue required="false" variableLength="false">High</command:parameterValue> <command:parameterValue required="false" variableLength="false">System</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: TokenType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TokenType</maml:name> <maml:description> <maml:para>Specify the type of token to create if -Duplicate is specified.</maml:para> <maml:para>Possible values: Primary, Impersonation</maml:para> </maml:description> <command:parameterValue required="true">TokenType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Primary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> <!-- Parameter set: Logon --> <command:syntaxItem> <maml:name>Get-NtToken</maml:name> <!-- Parameter: Logon --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Logon</maml:name> <maml:description> <maml:para>Get a logon token.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> 
<dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: User --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>User</maml:name> <maml:description> <maml:para>Specify username for logon token.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for the token.</maml:para> <maml:para>Possible values: AssignPrimary, Duplicate, Impersonate, Query, QuerySource, AdjustPrivileges, AdjustGroups, AdjustDefault, AdjustSessionId, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">TokenAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">AssignPrimary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Duplicate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">QuerySource</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustPrivileges</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustGroups</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">AdjustDefault</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustSessionId</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Domain --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Domain</maml:name> <maml:description> <maml:para>Specify domain for logon token.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>GOOGLE</dev:defaultValue> </command:parameter> <!-- Parameter: Duplicate --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Duplicate</maml:name> 
<maml:description> <maml:para>Return a duplicated version of the token. The type of token is specified using -TokenType and -ImpersonationLevel.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ImpersonationLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ImpersonationLevel</maml:name> <maml:description> <maml:para>Specify the impersonation level of the token to create if -Duplicate is specified and -TokenType is Impersonation.</maml:para> <maml:para>Possible values: Anonymous, Identification, Impersonation, Delegation</maml:para> </maml:description> <command:parameterValue required="true">SecurityImpersonationLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityImpersonationLevel</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Anonymous</command:parameterValue> <command:parameterValue required="false" variableLength="false">Identification</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delegation</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: IntegrityLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>IntegrityLevel</maml:name> <maml:description> <maml:para>Specify the integrity level of the token to create if -Duplicate is specified.</maml:para> <maml:para>Possible values: Untrusted, Low, Medium, High, System</maml:para> </maml:description> <command:parameterValue 
required="true">TokenIntegrityLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenIntegrityLevel</maml:name> <maml:uri /> </dev:type> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Untrusted</command:parameterValue> <command:parameterValue required="false" variableLength="false">Low</command:parameterValue> <command:parameterValue required="false" variableLength="false">Medium</command:parameterValue> <command:parameterValue required="false" variableLength="false">High</command:parameterValue> <command:parameterValue required="false" variableLength="false">System</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: LogonType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>LogonType</maml:name> <maml:description> <maml:para>Specify logon type for logon token.</maml:para> <maml:para>Possible values: UndefinedLogonType, Interactive, Network, Batch, Service, Proxy, Unlock, NetworkCleartext, NewCredentials</maml:para> </maml:description> <command:parameterValue required="true">SecurityLogonType</command:parameterValue> <dev:type> <maml:name>SandboxAnalysisUtils.SecurityLogonType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Network</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">UndefinedLogonType</command:parameterValue> <command:parameterValue required="false" variableLength="false">Interactive</command:parameterValue> <command:parameterValue required="false" variableLength="false">Network</command:parameterValue> <command:parameterValue required="false" variableLength="false">Batch</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">Proxy</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">Unlock</command:parameterValue> <command:parameterValue required="false" variableLength="false">NetworkCleartext</command:parameterValue> <command:parameterValue required="false" variableLength="false">NewCredentials</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Password --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Password</maml:name> <maml:description> <maml:para>Specify password for logon token.</maml:para> <maml:para>The value is a plain string rather than a SecureString, so a password typed on the command line can be retained in command history, transcripts and script block logs.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: TokenType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TokenType</maml:name> <maml:description> <maml:para>Specify the type of token to create if -Duplicate is specified.</maml:para> <maml:para>Possible values: Primary, Impersonation</maml:para> </maml:description> <command:parameterValue required="true">TokenType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Primary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> <!-- Parameter set: S4U --> <command:syntaxItem> <maml:name>Get-NtToken</maml:name> <!-- Parameter: S4U --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>S4U</maml:name> <maml:description> <maml:para>Get a Services for User (S4U) logon token.</maml:para> </maml:description> <command:parameterValue 
required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: User --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>User</maml:name> <maml:description> <maml:para>Specify username for logon token.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for the token.</maml:para> <maml:para>Possible values: AssignPrimary, Duplicate, Impersonate, Query, QuerySource, AdjustPrivileges, AdjustGroups, AdjustDefault, AdjustSessionId, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">TokenAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">AssignPrimary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Duplicate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">QuerySource</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">AdjustPrivileges</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustGroups</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustDefault</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustSessionId</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Domain --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Domain</maml:name> <maml:description> <maml:para>Specify domain for logon token.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>GOOGLE</dev:defaultValue> </command:parameter> 
<!-- Parameter: Duplicate --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Duplicate</maml:name> <maml:description> <maml:para>Return a duplicated version of the token. The type of token is specified using -TokenType and -ImpersonationLevel</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ImpersonationLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ImpersonationLevel</maml:name> <maml:description> <maml:para>Specify the impersonation level of the token to create if -Duplicate is specified and TokenType is Impersonation.</maml:para> <maml:para>Possible values: Anonymous, Identification, Impersonation, Delegation</maml:para> </maml:description> <command:parameterValue required="true">SecurityImpersonationLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityImpersonationLevel</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Anonymous</command:parameterValue> <command:parameterValue required="false" variableLength="false">Identification</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delegation</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: IntegrityLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>IntegrityLevel</maml:name> <maml:description> <maml:para>Specify the integrity level of the token to if 
-Duplicate is specified.</maml:para> <maml:para>Possible values: Untrusted, Low, Medium, High, System</maml:para> </maml:description> <command:parameterValue required="true">TokenIntegrityLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenIntegrityLevel</maml:name> <maml:uri /> </dev:type> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Untrusted</command:parameterValue> <command:parameterValue required="false" variableLength="false">Low</command:parameterValue> <command:parameterValue required="false" variableLength="false">Medium</command:parameterValue> <command:parameterValue required="false" variableLength="false">High</command:parameterValue> <command:parameterValue required="false" variableLength="false">System</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: LogonType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>LogonType</maml:name> <maml:description> <maml:para>Specify logon type for logon token.</maml:para> <maml:para>Possible values: UndefinedLogonType, Interactive, Network, Batch, Service, Proxy, Unlock, NetworkCleartext, NewCredentials</maml:para> </maml:description> <command:parameterValue required="true">SecurityLogonType</command:parameterValue> <dev:type> <maml:name>SandboxAnalysisUtils.SecurityLogonType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Network</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">UndefinedLogonType</command:parameterValue> <command:parameterValue required="false" variableLength="false">Interactive</command:parameterValue> <command:parameterValue required="false" variableLength="false">Network</command:parameterValue> <command:parameterValue required="false" variableLength="false">Batch</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">Proxy</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unlock</command:parameterValue> <command:parameterValue required="false" variableLength="false">NetworkCleartext</command:parameterValue> <command:parameterValue required="false" variableLength="false">NewCredentials</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: TokenType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TokenType</maml:name> <maml:description> <maml:para>Specify the type of token to create if -Duplicate is specified.</maml:para> <maml:para>Possible values: Primary, Impersonation</maml:para> </maml:description> <command:parameterValue required="true">TokenType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Primary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> <!-- Parameter set: Anonymous --> <command:syntaxItem> <maml:name>Get-NtToken</maml:name> <!-- Parameter: Anonymous --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Anonymous</maml:name> <maml:description> <maml:para>Get anonymous token.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Access --> <command:parameter 
required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for the token.</maml:para> <maml:para>Possible values: AssignPrimary, Duplicate, Impersonate, Query, QuerySource, AdjustPrivileges, AdjustGroups, AdjustDefault, AdjustSessionId, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">TokenAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">AssignPrimary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Duplicate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">QuerySource</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustPrivileges</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustGroups</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustDefault</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustSessionId</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Duplicate --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Duplicate</maml:name> <maml:description> <maml:para>Return a duplicated version of the token. 
The type of token is specified using -TokenType and -ImpersonationLevel.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: ImpersonationLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>ImpersonationLevel</maml:name> <maml:description> <maml:para>Specify the impersonation level of the token to create if -Duplicate is specified and -TokenType is Impersonation.</maml:para> <maml:para>Possible values: Anonymous, Identification, Impersonation, Delegation</maml:para> </maml:description> <command:parameterValue required="true">SecurityImpersonationLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityImpersonationLevel</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Anonymous</command:parameterValue> <command:parameterValue required="false" variableLength="false">Identification</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delegation</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: IntegrityLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>IntegrityLevel</maml:name> <maml:description> <maml:para>Specify the integrity level of the token to create if -Duplicate is specified.</maml:para> <maml:para>Possible values: Untrusted, Low, Medium, High, System</maml:para> </maml:description> <command:parameterValue required="true">TokenIntegrityLevel</command:parameterValue> <dev:type> 
<maml:name>NtApiDotNet.TokenIntegrityLevel</maml:name> <maml:uri /> </dev:type> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Untrusted</command:parameterValue> <command:parameterValue required="false" variableLength="false">Low</command:parameterValue> <command:parameterValue required="false" variableLength="false">Medium</command:parameterValue> <command:parameterValue required="false" variableLength="false">High</command:parameterValue> <command:parameterValue required="false" variableLength="false">System</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: TokenType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TokenType</maml:name> <maml:description> <maml:para>Specify the type of token to create if -Duplicate is specified.</maml:para> <maml:para>Possible values: Primary, Impersonation</maml:para> </maml:description> <command:parameterValue required="true">TokenType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Primary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> </command:parameterValueGroup> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Access --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Access</maml:name> <maml:description> <maml:para>Specify access rights for the token.</maml:para> <maml:para>Possible values: AssignPrimary, Duplicate, Impersonate, Query, QuerySource, AdjustPrivileges, AdjustGroups, AdjustDefault, AdjustSessionId, GenericRead, GenericWrite, GenericExecute, GenericAll, Delete, ReadControl, 
WriteDac, WriteOwner, Synchronize, MaximumAllowed, AccessSystemSecurity</maml:para> </maml:description> <command:parameterValue required="true">TokenAccessRights</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenAccessRights</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>MaximumAllowed</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">AssignPrimary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Duplicate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonate</command:parameterValue> <command:parameterValue required="false" variableLength="false">Query</command:parameterValue> <command:parameterValue required="false" variableLength="false">QuerySource</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustPrivileges</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustGroups</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustDefault</command:parameterValue> <command:parameterValue required="false" variableLength="false">AdjustSessionId</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericRead</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericWrite</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericExecute</command:parameterValue> <command:parameterValue required="false" variableLength="false">GenericAll</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delete</command:parameterValue> <command:parameterValue required="false" variableLength="false">ReadControl</command:parameterValue> <command:parameterValue required="false" variableLength="false">WriteDac</command:parameterValue> <command:parameterValue 
required="false" variableLength="false">WriteOwner</command:parameterValue> <command:parameterValue required="false" variableLength="false">Synchronize</command:parameterValue> <command:parameterValue required="false" variableLength="false">MaximumAllowed</command:parameterValue> <command:parameterValue required="false" variableLength="false">AccessSystemSecurity</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Duplicate --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Duplicate</maml:name> <maml:description> <maml:para>Return a duplicated version of the token. The type of token is specified using -TokenType and -ImpersonationLevel</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: TokenType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>TokenType</maml:name> <maml:description> <maml:para>Specify the type of token to create if -Duplicate is specified.</maml:para> <maml:para>Possible values: Primary, Impersonation</maml:para> </maml:description> <command:parameterValue required="true">TokenType</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Primary</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: ImpersonationLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> 
<maml:name>ImpersonationLevel</maml:name> <maml:description> <maml:para>Specify the impersonation level of the token to create if -Duplicate is specified and -TokenType is Impersonation.</maml:para> <maml:para>Possible values: Anonymous, Identification, Impersonation, Delegation</maml:para> </maml:description> <command:parameterValue required="true">SecurityImpersonationLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.SecurityImpersonationLevel</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Impersonation</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Anonymous</command:parameterValue> <command:parameterValue required="false" variableLength="false">Identification</command:parameterValue> <command:parameterValue required="false" variableLength="false">Impersonation</command:parameterValue> <command:parameterValue required="false" variableLength="false">Delegation</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: IntegrityLevel --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>IntegrityLevel</maml:name> <maml:description> <maml:para>Specify the integrity level of the token to create if -Duplicate is specified.</maml:para> <maml:para>Possible values: Untrusted, Low, Medium, High, System</maml:para> </maml:description> <command:parameterValue required="true">TokenIntegrityLevel</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.TokenIntegrityLevel</maml:name> <maml:uri /> </dev:type> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">Untrusted</command:parameterValue> <command:parameterValue required="false" variableLength="false">Low</command:parameterValue> <command:parameterValue required="false" variableLength="false">Medium</command:parameterValue> <command:parameterValue required="false" 
variableLength="false">High</command:parameterValue> <command:parameterValue required="false" variableLength="false">System</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Primary --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Primary</maml:name> <maml:description> <maml:para>Get the primary token for a process.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Process --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Process</maml:name> <maml:description> <maml:para>Specify the process to open the token from. If not set will use the current process.</maml:para> </maml:description> <command:parameterValue required="true">NtProcess</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtProcess</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ProcessId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="pid"> <maml:name>ProcessId</maml:name> <maml:description> <maml:para>Specify the process to open the token from as a PID. Overridden by the Process parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="pid"> <maml:name>pid</maml:name> <maml:description> <maml:para>Specify the process to open the token from as a PID. 
Overridden by the Process parameter.</maml:para> <maml:para>This is an alias of the ProcessId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Impersonation --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Impersonation</maml:name> <maml:description> <maml:para>Get an impersonation token for a thread.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Effective --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Effective</maml:name> <maml:description> <maml:para>If thread impersonation token doesn't exist then get the primary token for the associated process. This is getting the "effective" token for the thread.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Thread --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Thread</maml:name> <maml:description> <maml:para>Specify the thread to open the token from. 
If not set will use the current thread.</maml:para> </maml:description> <command:parameterValue required="true">NtThread</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtThread</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: ThreadId --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="tid"> <maml:name>ThreadId</maml:name> <maml:description> <maml:para>Specify the thread to open the token from by ID.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="tid"> <maml:name>tid</maml:name> <maml:description> <maml:para>Specify the thread to open the token from by ID.</maml:para> <maml:para>This is an alias of the ThreadId parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: OpenAsSelf --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>OpenAsSelf</maml:name> <maml:description> <maml:para>Specify the token should be open with the process identity rather than the impersonated identity.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Clipboard --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Clipboard</maml:name> <maml:description> <maml:para>Get the current clipboard token.</maml:para> </maml:description> 
<command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Logon --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Logon</maml:name> <maml:description> <maml:para>Get a logon token.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: S4U --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>S4U</maml:name> <maml:description> <maml:para>Get a Services for User (S4U) logon token.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: User --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>User</maml:name> <maml:description> <maml:para>Specify username for logon token.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Password --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Password</maml:name> <maml:description> <maml:para>Specify password for logon token.</maml:para> <maml:para>The password is taken as a plain string, so a value typed on the command line can end up in PowerShell history, transcripts and script block logs; avoid supplying literal credentials for real accounts this way.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> 
<maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Domain --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Domain</maml:name> <maml:description> <maml:para>Specify domain for logon token.</maml:para> <maml:para>When omitted the current domain is used (see example 14); the default value shown for this parameter looks like it was captured from the machine that generated this help rather than being a fixed default.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>GOOGLE</dev:defaultValue> </command:parameter> <!-- Parameter: LogonType --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>LogonType</maml:name> <maml:description> <maml:para>Specify logon type for logon token.</maml:para> <maml:para>Possible values: UndefinedLogonType, Interactive, Network, Batch, Service, Proxy, Unlock, NetworkCleartext, NewCredentials</maml:para> </maml:description> <command:parameterValue required="true">SecurityLogonType</command:parameterValue> <dev:type> <maml:name>SandboxAnalysisUtils.SecurityLogonType</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>Network</dev:defaultValue> <command:parameterValueGroup> <command:parameterValue required="false" variableLength="false">UndefinedLogonType</command:parameterValue> <command:parameterValue required="false" variableLength="false">Interactive</command:parameterValue> <command:parameterValue required="false" variableLength="false">Network</command:parameterValue> <command:parameterValue required="false" variableLength="false">Batch</command:parameterValue> <command:parameterValue required="false" variableLength="false">Service</command:parameterValue> <command:parameterValue required="false" variableLength="false">Proxy</command:parameterValue> <command:parameterValue required="false" variableLength="false">Unlock</command:parameterValue> <command:parameterValue required="false" variableLength="false">NetworkCleartext</command:parameterValue> 
<command:parameterValue required="false" variableLength="false">NewCredentials</command:parameterValue> </command:parameterValueGroup> </command:parameter> <!-- Parameter: Anonymous --> <command:parameter required="true" globbing="false" pipelineInput="false" position="named"> <maml:name>Anonymous</maml:name> <maml:description> <maml:para>Get anonymous token.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: NtToken --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtToken</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$obj = Get-NtToken -Primary</dev:code> <dev:remarks> <maml:para>Get current process' primary token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$obj = Get-NtToken -Primary -Access Duplicate</dev:code> <dev:remarks> <maml:para>Get current process' primary token for Duplicate access.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$obj = Get-NtToken -Primary -Duplicate -TokenType Impersonation -ImpersonationLevel Impersonation</dev:code> <dev:remarks> <maml:para>Get current process' primary token and convert to an impersonation token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$obj = Get-NtToken -Primary -Duplicate -TokenType Primary -IntegrityLevel Low</dev:code> <dev:remarks> <maml:para>Get current process token, duplicate as primary and 
set integrity level to Low.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 5 ----------</maml:title> <dev:code>$obj = Get-NtTokenPrimary -Access AdjustPrivileges $obj.SetPrivilege("SeDebugPrivilege", $true)</dev:code> <dev:remarks> <maml:para>Enable debug privilege on current token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 6 ----------</maml:title> <dev:code>$process = Get-NtProcess -ProcessId 1234 $obj = Get-NtToken -Primary -Process $process</dev:code> <dev:remarks> <maml:para>Get process token for a specific process.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 7 ----------</maml:title> <dev:code>$obj = Get-NtToken -Primary -ProcessId 1234</dev:code> <dev:remarks> <maml:para>Get process token for a specific process by process ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 8 ----------</maml:title> <dev:code>$obj = Get-NtToken -Primary $obj.GetPrivileges()</dev:code> <dev:remarks> <maml:para>Query the privileges of a token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 9 ----------</maml:title> <dev:code>$obj = Get-NtToken -Primary $obj.GetGroups()</dev:code> <dev:remarks> <maml:para>Query the groups of a token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 10 ----------</maml:title> <dev:code>$thread = Get-NtThread -ThreadId 1234 $obj = Get-NtToken -Impersonation -Thread $thread</dev:code> <dev:remarks> <maml:para>Get the impersonation token for a specific thread.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 11 ----------</maml:title> <dev:code>$obj = Get-NtToken -Impersonation -ThreadId 1234</dev:code> <dev:remarks> <maml:para>Get impersonation token for a specific thread by ID.</maml:para> </dev:remarks> 
</command:example> <command:example> <maml:title>---------- EXAMPLE 12 ----------</maml:title> <dev:code>$obj = Get-NtToken -Effective -ThreadId 1234</dev:code> <dev:remarks> <maml:para>Get the effective token for a specific thread by ID.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 13 ----------</maml:title> <dev:code>$obj = Get-NtToken -Clipboard</dev:code> <dev:remarks> <maml:para>Get the current clipboard token.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 14 ----------</maml:title> <dev:code>$obj = Get-NtToken -Logon -User Bob -Password BobP@ssword</dev:code> <dev:remarks> <maml:para>Get network logon token for user Bob in the current domain with password BobP@ssword.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 15 ----------</maml:title> <dev:code>$obj = Get-NtToken -Logon -User Bob -Password BobP@ssword -Domain BADGERS -LogonType Interactive</dev:code> <dev:remarks> <maml:para>Get interactive logon token for BADGERS\\Bob with password BobP@ssword.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 16 ----------</maml:title> <dev:code>$obj = Get-NtToken -S4U -User Bob -Domain BADGERS</dev:code> <dev:remarks> <maml:para>Get S4U network logon token for BADGERS\\Bob with no password.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 17 ----------</maml:title> <dev:code>$obj = Get-NtToken -Anonymous</dev:code> <dev:remarks> <maml:para>Get the anonymous logon token.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> <!-- Cmdlet: Get-NtType --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" 
xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Get-NtType</command:name> <command:verb>Get</command:verb> <command:noun>NtType</command:noun> <maml:description> <maml:para>Get NT type information.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet gets NT type information from the operating system. If run without parameters it'll retrieve all types. You can limit it to only one type using the -TypeName parameter. By default it will use cached versions of the type information as most of the time you don't need information such as how many objects are created, however if you want that current information specify the -CurrentStatus parameter.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Get-NtType</maml:name> <!-- Parameter: TypeName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>TypeName</maml:name> <maml:description> <maml:para>Specify a specific NT type to retrieve.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CurrentStatus --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CurrentStatus</maml:name> <maml:description> <maml:para>If set then will pull the latest information for the types rather than using cached data.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> 
<!-- Parameter: TypeName --> <command:parameter required="false" globbing="false" pipelineInput="false" position="0"> <maml:name>TypeName</maml:name> <maml:description> <maml:para>Specify a specific NT type to retrieve.</maml:para> </maml:description> <command:parameterValue required="true">string</command:parameterValue> <dev:type> <maml:name>System.String</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: CurrentStatus --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>CurrentStatus</maml:name> <maml:description> <maml:para>If set then will pull the latest information for the types rather than using cached data.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes /> <command:returnValues> <!-- OutputType: NtType --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtType</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>Get-NtType</dev:code> <dev:remarks> <maml:para>Get all NT types.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>Get-NtType | Where-Object SecurityRequired -eq $False</dev:code> <dev:remarks> <maml:para>Get all NT types which don't require security.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>Get-NtType Directory</dev:code> <dev:remarks> <maml:para>Get the Directory NT type.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> 
<dev:code>Get-NtType Directory -CurrentStatus</dev:code> <dev:remarks> <maml:para>Get the Directory NT type with the current status of all information.</maml:para> </dev:remarks> </command:example> </command:examples> </command:command> <!-- Cmdlet: Start-NtWait --> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10"> <command:details> <command:name>Start-NtWait</command:name> <command:verb>Start</command:verb> <command:noun>NtWait</command:noun> <maml:description> <maml:para>Wait on one or more NT objects to become signalled.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>This cmdlet allows you to issue a wait on one or more NT objects until they become signalled. This is used for example to acquire a Mutant, decrement a Semaphore or wait for a Process to exit. The timeout value is a combination of all the allowed time parameters, e.g. if you specify 1 second and 1000 milliseconds it will actually wait 2 seconds in total. 
Specifying -Infinite overrides the time parameters and will wait indefinitely.</maml:para> </maml:description> <command:syntax> <!-- Parameter set: __AllParameterSets --> <command:syntaxItem> <maml:name>Start-NtWait</maml:name> <!-- Parameter: Objects --> <command:parameter required="true" globbing="false" pipelineInput="true (ByValue)" position="0"> <maml:name>Objects</maml:name> <maml:description> <maml:para>Specify a list of objects to wait on.</maml:para> </maml:description> <command:parameterValue required="true">NtObject[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Alertable --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Alertable</maml:name> <maml:description> <maml:para>Specify the wait should be alertable.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Hours --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="h"> <maml:name>Hours</maml:name> <maml:description> <maml:para>Specify a wait time in hours.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Infinite --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Infinite</maml:name> <maml:description> <maml:para>Specify an infinite wait time.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> 
<maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: MilliSeconds --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ms"> <maml:name>MilliSeconds</maml:name> <maml:description> <maml:para>Specify a wait time in milliseconds.</maml:para> </maml:description> <command:parameterValue required="true">long</command:parameterValue> <dev:type> <maml:name>System.Int64</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Minutes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="m"> <maml:name>Minutes</maml:name> <maml:description> <maml:para>Specify a wait time in minutes.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Seconds --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="s"> <maml:name>Seconds</maml:name> <maml:description> <maml:para>Specify a wait time in seconds.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: WaitAll --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>WaitAll</maml:name> <maml:description> <maml:para>Specify a multiple object wait should exit only when all objects become signalled.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> 
<maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <!-- Parameter: Objects --> <command:parameter required="true" globbing="false" pipelineInput="true (ByValue)" position="0"> <maml:name>Objects</maml:name> <maml:description> <maml:para>Specify a list of objects to wait on.</maml:para> </maml:description> <command:parameterValue required="true">NtObject[]</command:parameterValue> <dev:type> <maml:name>NtApiDotNet.NtObject[]</maml:name> <maml:uri /> </dev:type> </command:parameter> <!-- Parameter: Seconds --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="s"> <maml:name>Seconds</maml:name> <maml:description> <maml:para>Specify a wait time in seconds.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="s"> <maml:name>s</maml:name> <maml:description> <maml:para>Specify a wait time in seconds.</maml:para> <maml:para>This is an alias of the Seconds parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: MilliSeconds --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ms"> <maml:name>MilliSeconds</maml:name> <maml:description> <maml:para>Specify a wait time in milliseconds.</maml:para> </maml:description> <command:parameterValue required="true">long</command:parameterValue> <dev:type> <maml:name>System.Int64</maml:name> 
<maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="ms"> <maml:name>ms</maml:name> <maml:description> <maml:para>Specify a wait time in milliseconds.</maml:para> <maml:para>This is an alias of the MilliSeconds parameter.</maml:para> </maml:description> <command:parameterValue required="true">long</command:parameterValue> <dev:type> <maml:name>System.Int64</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Minutes --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="m"> <maml:name>Minutes</maml:name> <maml:description> <maml:para>Specify a wait time in minutes.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="m"> <maml:name>m</maml:name> <maml:description> <maml:para>Specify a wait time in minutes.</maml:para> <maml:para>This is an alias of the Minutes parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Hours --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="h"> <maml:name>Hours</maml:name> <maml:description> <maml:para>Specify a wait time in hours.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> 
<command:parameter required="false" globbing="false" pipelineInput="false" position="named" aliases="h"> <maml:name>h</maml:name> <maml:description> <maml:para>Specify a wait time in hours.</maml:para> <maml:para>This is an alias of the Hours parameter.</maml:para> </maml:description> <command:parameterValue required="true">int</command:parameterValue> <dev:type> <maml:name>System.Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>0</dev:defaultValue> </command:parameter> <!-- Parameter: Infinite --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Infinite</maml:name> <maml:description> <maml:para>Specify an infinite wait time.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: Alertable --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>Alertable</maml:name> <maml:description> <maml:para>Specify the wait should be alertable.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <!-- Parameter: WaitAll --> <command:parameter required="false" globbing="false" pipelineInput="false" position="named"> <maml:name>WaitAll</maml:name> <maml:description> <maml:para>Specify a multiple object wait should exit only when all objects become signalled.</maml:para> </maml:description> <command:parameterValue required="true">SwitchParameter</command:parameterValue> <dev:type> <maml:name>System.Management.Automation.SwitchParameter</maml:name> <maml:uri /> </dev:type> 
<dev:defaultValue>False</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>NtApiDotNet.NtObject[]</maml:name> <maml:uri /> </dev:type> <maml:description> <maml:para>Specify a list of objects to wait on.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <!-- OutputType: NtStatus --> <command:returnValue> <dev:type> <maml:name>NtApiDotNet.NtStatus</maml:name> <maml:uri /> </dev:type> </command:returnValue> </command:returnValues> <command:examples> <command:example> <maml:title>---------- EXAMPLE 1 ----------</maml:title> <dev:code>$ev = Get-NtEvent \BaseNamedObjects\ABC Start-NtWait $ev -Seconds 10</dev:code> <dev:remarks> <maml:para>Get an event and wait for 10 seconds for it to be signalled.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 2 ----------</maml:title> <dev:code>$ev = Get-NtEvent \BaseNamedObjects\ABC $ev | Start-NtWait -Infinite</dev:code> <dev:remarks> <maml:para>Get an event and wait indefinitely for it to be signalled.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 3 ----------</maml:title> <dev:code>$ev = Get-NtEvent \BaseNamedObjects\ABC $ev | Start-NtWait -Infinite -Alertable</dev:code> <dev:remarks> <maml:para>Get an event and wait indefinitely for it to be signalled or alerted.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>---------- EXAMPLE 4 ----------</maml:title> <dev:code>$evs = @($ev1, $ev2)$ Start-NtWait $evs -WaitAll -Seconds 100</dev:code> <dev:remarks> <maml:para>Get a list of events and wait 100 seconds for all events to be signalled.</maml:para> </dev:remarks> </command:example> </command:examples> <maml:relatedLinks> <maml:navigationLink> <maml:linkText>about_ManagingNtObjectLifetime</maml:linkText> </maml:navigationLink> </maml:relatedLinks> </command:command> </helpItems> |