NtObjectManager
1.1.18
This module adds a provider and cmdlets to access the NT object manager namespace.
Minimum PowerShell version
3.0
See the version list below for details.
Installation Options
Owners
Copyright
(c) 2016, 2017, 2018, 2019 Google Inc. All rights reserved.
Package Details
Author(s)
- James Forshaw
Tags
security defence offence sandbox
Cmdlets
Add-NtKey Get-NtDirectory Get-NtEvent Get-NtFile Get-NtFileReparsePoint Get-NtHandle Get-NtKey Get-NtMutant Get-NtNamedPipeFile Get-NtObject Get-NtProcess Get-NtSemaphore Get-NtStatus Get-NtSymbolicLink Get-NtSymbolicLinkTarget Get-NtThread Get-NtToken Get-NtType New-NtDirectory New-NtEvent New-NtFile New-NtKey New-NtMailslotFile New-NtMutant New-NtNamedPipeFile New-NtSecurityDescriptor New-NtSemaphore New-NtSymbolicLink Remove-NtFileReparsePoint Start-NtWait Use-NtObject Get-NtSid Get-NtSection New-NtSection Get-AccessibleAlpcPort Get-AccessibleKey Get-AccessibleProcess Get-AccessibleFile Get-AccessibleObject Get-NtAccessMask Get-AccessibleDevice Get-AccessibleNamedPipe Get-NtGrantedAccess Get-NtJob New-NtJob Get-AccessibleService Get-AccessibleHandle Remove-NtKey New-NtToken Remove-NtFile Get-NtDirectoryChild Get-NtKeyChild Add-DosDevice Remove-DosDevice Get-NtFileChild Set-NtFileReparsePoint Get-NtPartition New-NtPartition Get-NtWaitTimeout New-NtTransaction Get-NtTransaction New-NtTransactionManager Get-NtTransactionManager
Functions
Get-AccessibleAlpcPort Set-NtTokenPrivilege Set-NtTokenIntegrityLevel Get-NtProcessMitigations New-NtKernelCrashDump New-NtObjectAttributes New-NtSecurityQualityOfService Get-NtLicenseValue Get-NtSystemEnvironmentValue New-Win32Process New-NtEaBuffer New-NtSectionImage New-Win32ProcessConfig Get-NtTokenFromProcess Get-ExecutableManifest New-NtProcess New-NtProcessConfig Get-NtFilePath Show-NtTokenEffective Show-NtSecurityDescriptor Get-NtIoControlCode Import-NtObject Export-NtObject Get-ExecutionAlias New-ExecutionAlias Show-NtToken Show-NtSection Resolve-NtObjectAddress Invoke-NtToken Get-NtSecurityDescriptor Set-NtSecurityDescriptor Add-NtVirtualMemory Get-NtVirtualMemory Remove-NtVirtualMemory Set-NtVirtualMemory Read-NtVirtualMemory Write-NtVirtualMemory Get-EmbeddedAuthenticodeSignature Get-NtSidName New-SymbolResolver New-NdrParser Format-NdrComplexType Format-NdrProcedure Format-NdrComProxy Get-NdrComProxy Get-NdrRpcServerInterface Format-NdrRpcServerInterface Get-NtMappedSection Get-NtWnf Get-NtCachedSigningLevel Add-NtSecurityDescriptorDaclAce Get-NtFilePathType New-NtType Get-NtAlpcServer Get-RpcEndpoint Get-RpcServer Set-GlobalSymbolResolver Get-RunningService Copy-NtToken Get-RpcAlpcServer Get-NtObjectFromHandle Start-Win32ChildProcess Get-NtKeyValue Start-NtFileOplock Format-RpcServer Get-NtObjectInformation Set-NtObjectInformation
Dependencies
This module has no dependencies.
Release Notes
1.1.18
------
* Added better support for transaction objects including some cmdlets.
* Added general QueryInformation and SetInformation methods to a number of objects.
* Added side channel isolation mitigation policy.
* Added more FS volume information classes.
* Added extended section/memory functions.
* Added a few missing NDR type formats.
* Added BNO isolation process attribute.
* Added new types to separate out named pipes from normal files.
* Added Start-NtFileOplock.
* Added support for absolute security descriptors.
FileList
- NtObjectManager.nuspec
- Be.Windows.Forms.HexBox.dll
- EditSection.exe
- Formatters.ps1xml
- NDesk.Options.dll
- NtApiDotNet.dll
- NtObjectManager.dll
- NtObjectManager.dll-Help.xml
- NtObjectManager.psd1
- NtObjectManager.psm1
- TokenViewer.exe
- ViewSecurityDescriptor.exe
- WeifenLuo.WinFormsUI.Docking.dll
- Core\NtApiDotNet.dll
- Core\NtObjectManager.dll
- en-US\about_ManagingNtObjectLifetime.help.txt
- en-US\about_NtObjectManagerProvider.help.txt
Version History
Version | Downloads | Last updated |
---|---|---|
2.0.1 | 98,059 | 11/15/2023 |
2.0.0 | 3,952 | 9/12/2023 |
2.0.0-alpha2... | 26 | 8/31/2023 |
1.1.33 | 42,403 | 1/22/2022 |
1.1.32 | 54,604 | 8/18/2021 |
1.1.31 | 4,667 | 3/16/2021 |
1.1.30 | 1,052 | 1/15/2021 |
1.1.29 | 1,071 | 11/23/2020 |
1.1.28 | 2,223 | 6/30/2020 |
1.1.27 | 2,176 | 2/10/2020 |
1.1.26 | 499 | 1/21/2020 |
1.1.25 | 491 | 1/2/2020 |
1.1.24 | 520 | 12/10/2019 |
1.1.23 | 965 | 10/15/2019 |
1.1.22 | 2,629 | 4/30/2019 |
1.1.21 | 207 | 4/23/2019 |
1.1.20 | 1,217 | 3/9/2019 |
1.1.19 | 211 | 2/4/2019 |
1.1.18 (current version) | 44 | 2/4/2019 |
1.1.17 | 681 | 9/9/2018 |
1.1.16 | 191 | 8/1/2018 |
1.1.15 | 241 | 6/18/2018 |
1.1.14 | 382 | 5/1/2018 |
1.1.13 | 120 | 4/4/2018 |
1.1.12 | 335 | 3/19/2018 |
1.1.11 | 142 | 3/4/2018 |
1.1.10 | 53 | 3/1/2018 |
1.1.9 | 86 | 2/22/2018 |
1.1.8 | 100 | 2/6/2018 |
1.1.7 | 109 | 1/11/2018 |
1.1.6 | 116 | 12/3/2017 |
1.1.5 | 59 | 11/23/2017 |
1.1.4 | 86 | 11/14/2017 |
1.1.3 | 76 | 11/5/2017 |
1.1.2 | 155 | 10/11/2017 |
1.1.1 | 378 | 8/30/2017 |
1.1.0 | 44 | 8/30/2017 |
1.0.9 | 103 | 8/19/2017 |
1.0.8 | 75 | 8/7/2017 |
1.0.7 | 211 | 6/14/2017 |
1.0.6 | 291 | 5/24/2017 |
1.0.5 | 40 | 5/24/2017 |
1.0.4 | 52 | 5/17/2017 |
1.0.3 | 104 | 2/23/2017 |
1.0.2 | 57 | 2/8/2017 |
1.0.1 | 287 | 11/3/2016 |
1.0 | 152 | 11/1/2016 |