Formatters.ps1xml
<?xml version="1.0" encoding="utf-8" ?>
<Configuration> <ViewDefinitions> <View> <Name>NtDirectoryEntryTable</Name> <ViewSelectedBy> <TypeName>NtObjectManager.NtDirectoryEntry</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Width>40</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>TypeName</Label> <Width>30</Width> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>TypeName</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>NtDirectoryEntryList</Name> <ViewSelectedBy> <TypeName>NtObjectManager.NtDirectoryEntry</TypeName> </ViewSelectedBy> <ListControl> <ListEntries> <ListEntry> <ListItems> <ListItem> <PropertyName>Name</PropertyName> </ListItem> <ListItem> <PropertyName>TypeName</PropertyName> </ListItem> <ListItem> <PropertyName>IsDirectory</PropertyName> </ListItem> <ListItem> <PropertyName>IsSymbolicLink</PropertyName> </ListItem> <ListItem> <PropertyName>RelativePath</PropertyName> </ListItem> <ListItem> <PropertyName>SymbolicLinkTarget</PropertyName> </ListItem> <ListItem> <PropertyName>MaximumGrantedAccess</PropertyName> <FormatString>X08</FormatString> </ListItem> <ListItem> <ScriptBlock>$_.SecurityDescriptor.ToSddl()</ScriptBlock> <Label>SecurityDescriptor</Label> </ListItem> </ListItems> </ListEntry> </ListEntries> </ListControl> </View> <View> <Name>NtTypeTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.NtType</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Width>40</Width> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>SidTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Sid</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Width>40</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Sid</Label> <Width>30</Width> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <ScriptBlock>$_.ToString()</ScriptBlock> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>Ace</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Ace</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Type</Label> <Width>10</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>User</Label> <Width>30</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Flags</Label> <Width>20</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Mask</Label> <Width>10</Width> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>AceType</PropertyName> </TableColumnItem> <TableColumnItem> <ScriptBlock>$_.Sid.Name</ScriptBlock> </TableColumnItem> <TableColumnItem> <PropertyName>AceFlags</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Mask</PropertyName> <FormatString>X08</FormatString> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>Ace</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Ace</TypeName> </ViewSelectedBy> <ListControl> <ListEntries> <ListEntry> <ListItems> <ListItem> <PropertyName>AceType</PropertyName> </ListItem> <ListItem> <ScriptBlock>$_.Sid.Name</ScriptBlock> <Label>User</Label> </ListItem> <ListItem> <PropertyName>Sid</PropertyName> </ListItem> <ListItem> <PropertyName>AceFlags</PropertyName> </ListItem> <ListItem> <PropertyName>Mask</PropertyName> <FormatString>X08</FormatString> </ListItem> </ListItems> </ListEntry> </ListEntries> </ListControl> </View> <View> <Name>TokenPrivilegeTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.TokenPrivilege</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Width>30</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Luid</Label> <Width>20</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>IsEnabled</Label> <Width>10</Width> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Luid</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Enabled</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>TokenPrivilegeList</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.TokenPrivilege</TypeName> </ViewSelectedBy> <ListControl> <ListEntries> <ListEntry> <ListItems> <ListItem> <PropertyName>Name</PropertyName> </ListItem> <ListItem> <PropertyName>Luid</PropertyName> </ListItem> <ListItem> <PropertyName>Attributes</PropertyName> </ListItem> <ListItem> <PropertyName>Enabled</PropertyName> </ListItem> <ListItem> <PropertyName>DisplayName</PropertyName> </ListItem> </ListItems> </ListEntry> </ListEntries> </ListControl> </View> <View> <Name>UserGroupTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.UserGroup</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Width>30</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Attributes</Label> <Width>30</Width> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <ScriptBlock>$_.Sid.Name</ScriptBlock> </TableColumnItem> <TableColumnItem> <PropertyName>Attributes</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>UserGroupList</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.UserGroup</TypeName> </ViewSelectedBy> <ListControl> <ListEntries> <ListEntry> <ListItems> <ListItem> <ScriptBlock>$_.Sid.Name</ScriptBlock> <Label>Name</Label> </ListItem> <ListItem> <PropertyName>Sid</PropertyName> </ListItem> <ListItem> <PropertyName>Attributes</PropertyName> </ListItem> </ListItems> </ListEntry> </ListEntries> </ListControl> </View> <View> <Name>AtomTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.NtAtom</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Width>30</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Atom</Label> <Width>10</Width> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Atom</PropertyName> <FormatString>X04</FormatString> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>AtomList</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.NtAtom</TypeName> </ViewSelectedBy> <ListControl> <ListEntries> <ListEntry> <ListItems> <ListItem> <PropertyName>Name</PropertyName> </ListItem> <ListItem> <PropertyName>Atom</PropertyName> <FormatString>X04</FormatString> </ListItem> </ListItems> </ListEntry> </ListEntries> </ListControl> </View> <View> <Name>KeyTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.NtKey</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Width>30</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>LastWriteTime</Label> <Width>20</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>SubKeyCount</Label> <Width>10</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>ValueCount</Label> <Width>10</Width> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>LastWriteTime</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>SubKeyCount</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>ValueCount</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>TokenTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.NtToken</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>User</Label> <Width>30</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>GroupCount</Label> <Width>10</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>PrivilegeCount</Label> <Width>10</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>AppContainer</Label> <Width>10</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Restricted</Label> <Width>10</Width> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <ScriptBlock>$_.User.Sid.Name</ScriptBlock> </TableColumnItem> <TableColumnItem> <ScriptBlock>$_.Groups.Length</ScriptBlock> </TableColumnItem> <TableColumnItem> <ScriptBlock>$_.Privileges.Length</ScriptBlock> </TableColumnItem> <TableColumnItem> <PropertyName>AppContainer</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Restricted</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>SymlinkTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.NtSymbolicLink</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Width>30</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Target</Label> <Width>40</Width> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Target</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>ObjectTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.NtObject</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Width>30</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>NtTypeName</Label> <Width>30</Width> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>NtTypeName</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>ObjectWide</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.NtObject</TypeName> </ViewSelectedBy> <WideControl> <WideEntries> <WideEntry> <WideItem> <PropertyName>Name</PropertyName> </WideItem> </WideEntry> </WideEntries> </WideControl> </View> <View> <Name>NtHandleTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.NtHandle</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>ProcessId</Label> <Width>10</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Handle</Label> <Width>10</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>ObjectType</Label> <Width>30</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Object</Label> <Width>30</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>GrantedAccess</Label> <Width>30</Width> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>ProcessId</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Handle</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>ObjectType</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Object</PropertyName> <FormatString>X016</FormatString> </TableColumnItem> <TableColumnItem> <PropertyName>GrantedAccess</PropertyName> <FormatString>X08</FormatString> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>NtHandleList</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.NtHandle</TypeName> </ViewSelectedBy> <ListControl> <ListEntries> <ListEntry> <ListItems> <ListItem> <PropertyName>ProcessId</PropertyName> </ListItem> <ListItem> <PropertyName>ObjectType</PropertyName> </ListItem> <ListItem> <PropertyName>Attributes</PropertyName> </ListItem> <ListItem> <PropertyName>Handle</PropertyName> <FormatString>X</FormatString> </ListItem> <ListItem> <PropertyName>Object</PropertyName> <FormatString>X016</FormatString> </ListItem> <ListItem> <PropertyName>GrantedAccess</PropertyName> <FormatString>X08</FormatString> </ListItem> <ListItem> <PropertyName>Name</PropertyName> </ListItem> <ListItem> <ScriptBlock>$_.SecurityDescriptor.ToSddl()</ScriptBlock> <Label>SecurityDescriptor</Label> </ListItem> </ListItems> </ListEntry> </ListEntries> </ListControl> </View> <View> <Name>AccessCheckResult</Name> <ViewSelectedBy> <TypeName>NtObjectManager.AccessCheckResult</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>TokenId</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Access</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Name</Label> <Alignment>right</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>TokenId</PropertyName> <FormatString>X</FormatString> </TableColumnItem> <TableColumnItem> <PropertyName>GrantedGenericAccessString</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>ExecutableManifest</Name> <ViewSelectedBy> <TypeName>SandboxAnalysisUtils.ExecutableManifest</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Width>40</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>UiAccess</Label> <Width>10</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>AutoElevate</Label> <Width>15</Width> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>ExecutionLevel</Label> <Width>30</Width> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>UiAccess</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>AutoElevate</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>ExecutionLevel</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> </ViewDefinitions> </Configuration> |