NtObjectManager

1.1.18

This module adds a provider and cmdlets to access the NT object manager namespace.

Minimum PowerShell version

3.0

There is a newer prerelease version of this module available.
See the version list below for details.

Installation Options

Copy and Paste the following command to install this package using PowerShellGet More Info

Install-Module -Name NtObjectManager -RequiredVersion 1.1.18

Copy and Paste the following command to install this package using Microsoft.PowerShell.PSResourceGet More Info

Install-PSResource -Name NtObjectManager -Version 1.1.18

You can deploy this package directly to Azure Automation. Note that deploying packages with dependencies will deploy all the dependencies to Azure Automation. Learn More

Manually download the .nupkg file to your system's default download location. Note that the file won't be unpacked, and won't include any dependencies. Learn More

Owners

Copyright

(c) 2016, 2017, 2018, 2019 Google Inc. All rights reserved.

Package Details

Author(s)

  • James Forshaw

Tags

security defence offence sandbox

Cmdlets

Add-NtKey Get-NtDirectory Get-NtEvent Get-NtFile Get-NtFileReparsePoint Get-NtHandle Get-NtKey Get-NtMutant Get-NtNamedPipeFile Get-NtObject Get-NtProcess Get-NtSemaphore Get-NtStatus Get-NtSymbolicLink Get-NtSymbolicLinkTarget Get-NtThread Get-NtToken Get-NtType New-NtDirectory New-NtEvent New-NtFile New-NtKey New-NtMailslotFile New-NtMutant New-NtNamedPipeFile New-NtSecurityDescriptor New-NtSemaphore New-NtSymbolicLink Remove-NtFileReparsePoint Start-NtWait Use-NtObject Get-NtSid Get-NtSection New-NtSection Get-AccessibleAlpcPort Get-AccessibleKey Get-AccessibleProcess Get-AccessibleFile Get-AccessibleObject Get-NtAccessMask Get-AccessibleDevice Get-AccessibleNamedPipe Get-NtGrantedAccess Get-NtJob New-NtJob Get-AccessibleService Get-AccessibleHandle Remove-NtKey New-NtToken Remove-NtFile Get-NtDirectoryChild Get-NtKeyChild Add-DosDevice Remove-DosDevice Get-NtFileChild Set-NtFileReparsePoint Get-NtPartition New-NtPartition Get-NtWaitTimeout New-NtTransaction Get-NtTransaction New-NtTransactionManager Get-NtTransactionManager

Functions

Get-AccessibleAlpcPort Set-NtTokenPrivilege Set-NtTokenIntegrityLevel Get-NtProcessMitigations New-NtKernelCrashDump New-NtObjectAttributes New-NtSecurityQualityOfService Get-NtLicenseValue Get-NtSystemEnvironmentValue New-Win32Process New-NtEaBuffer New-NtSectionImage New-Win32ProcessConfig Get-NtTokenFromProcess Get-ExecutableManifest New-NtProcess New-NtProcessConfig Get-NtFilePath Show-NtTokenEffective Show-NtSecurityDescriptor Get-NtIoControlCode Import-NtObject Export-NtObject Get-ExecutionAlias New-ExecutionAlias Show-NtToken Show-NtSection Resolve-NtObjectAddress Invoke-NtToken Get-NtSecurityDescriptor Set-NtSecurityDescriptor Add-NtVirtualMemory Get-NtVirtualMemory Remove-NtVirtualMemory Set-NtVirtualMemory Read-NtVirtualMemory Write-NtVirtualMemory Get-EmbeddedAuthenticodeSignature Get-NtSidName New-SymbolResolver New-NdrParser Format-NdrComplexType Format-NdrProcedure Format-NdrComProxy Get-NdrComProxy Get-NdrRpcServerInterface Format-NdrRpcServerInterface Get-NtMappedSection Get-NtWnf Get-NtCachedSigningLevel Add-NtSecurityDescriptorDaclAce Get-NtFilePathType New-NtType Get-NtAlpcServer Get-RpcEndpoint Get-RpcServer Set-GlobalSymbolResolver Get-RunningService Copy-NtToken Get-RpcAlpcServer Get-NtObjectFromHandle Start-Win32ChildProcess Get-NtKeyValue Start-NtFileOplock Format-RpcServer Get-NtObjectInformation Set-NtObjectInformation

Dependencies

This module has no dependencies.

Release Notes

1.1.18
------
* Added better support for transaction objects including some cmdlets.
* Added general QueryInformation and SetInformation methods to a number of objects.
* Added side channel isolation mitigation policy.
* Added more FS volume information classes.
* Added extended section/memory functions.
* Added a few missing NDR type formats.
* Added BNO isolation process attribute.
* Added new types to separate out named pipes from normal files.
* Added Start-NtFileOplock.
* Added support for absolute security descriptors.

FileList

Version History

Version Downloads Last updated
2.0.1 98,059 11/15/2023
2.0.0 3,952 9/12/2023
2.0.0-alpha2... 26 8/31/2023
1.1.33 42,403 1/22/2022
1.1.32 54,604 8/18/2021
1.1.31 4,667 3/16/2021
1.1.30 1,052 1/15/2021
1.1.29 1,071 11/23/2020
1.1.28 2,223 6/30/2020
1.1.27 2,176 2/10/2020
1.1.26 499 1/21/2020
1.1.25 491 1/2/2020
1.1.24 520 12/10/2019
1.1.23 965 10/15/2019
1.1.22 2,629 4/30/2019
1.1.21 207 4/23/2019
1.1.20 1,217 3/9/2019
1.1.19 211 2/4/2019
1.1.18 (current version) 44 2/4/2019
1.1.17 681 9/9/2018
1.1.16 191 8/1/2018
1.1.15 241 6/18/2018
1.1.14 382 5/1/2018
1.1.13 120 4/4/2018
1.1.12 335 3/19/2018
1.1.11 142 3/4/2018
1.1.10 53 3/1/2018
1.1.9 86 2/22/2018
1.1.8 100 2/6/2018
1.1.7 109 1/11/2018
1.1.6 116 12/3/2017
1.1.5 59 11/23/2017
1.1.4 86 11/14/2017
1.1.3 76 11/5/2017
1.1.2 155 10/11/2017
1.1.1 378 8/30/2017
1.1.0 44 8/30/2017
1.0.9 103 8/19/2017
1.0.8 75 8/7/2017
1.0.7 211 6/14/2017
1.0.6 291 5/24/2017
1.0.5 40 5/24/2017
1.0.4 52 5/17/2017
1.0.3 104 2/23/2017
1.0.2 57 2/8/2017
1.0.1 287 11/3/2016
1.0 152 11/1/2016
Show less