NtObjectManager
1.1.27
This module adds a provider and cmdlets to access the NT object manager namespace.
Minimum PowerShell version
3.0
See the version list below for details.
Installation Options
Owners
Copyright
(c) 2016-2020 Google Inc. All rights reserved.
Package Details
Author(s)
- James Forshaw
Tags
security defence offence sandbox
Cmdlets
Add-NtKey Get-NtDirectory Get-NtEvent Get-NtFile Get-NtFileReparsePoint Get-NtHandle Get-NtKey Get-NtMutant Get-NtNamedPipeFile Get-NtObject Get-NtProcess Get-NtSemaphore Get-NtStatus Get-NtSymbolicLink Get-NtSymbolicLinkTarget Get-NtThread Get-NtToken Get-NtType New-NtDirectory New-NtEvent New-NtFile New-NtKey New-NtMailslotFile New-NtMutant New-NtNamedPipeFile New-NtSecurityDescriptor New-NtSemaphore New-NtSymbolicLink Remove-NtFileReparsePoint Start-NtWait Use-NtObject Get-NtSid Get-NtSection New-NtSection Get-AccessibleAlpcPort Get-AccessibleKey Get-AccessibleProcess Get-AccessibleFile Get-AccessibleObject Get-NtAccessMask Get-AccessibleDevice Get-AccessibleNamedPipe Get-NtGrantedAccess Get-NtJob New-NtJob Get-AccessibleService Get-AccessibleHandle Remove-NtKey New-NtToken Remove-NtFile Get-NtDirectoryChild Get-NtKeyChild Add-DosDevice Remove-DosDevice Get-NtFileChild Set-NtFileReparsePoint Get-NtPartition New-NtPartition Get-NtWaitTimeout New-NtTransaction Get-NtTransaction New-NtTransactionManager Get-NtTransactionManager Connect-NtAlpcClient New-NtAlpcServer New-NtAlpcPortAttributes New-NtAlpcMessage Send-NtAlpcMessage Receive-NtAlpcMessage Connect-NtAlpcServer New-NtAlpcReceiveAttributes New-NtAlpcSendAttributes New-NtAlpcPortSection New-NtAlpcDataView New-NtAlpcSecurityContext New-NtDebug Get-NtDebug Start-NtDebugWait Add-NtDebugProcess Remove-NtDebugProcess Copy-NtObject New-NtResourceManager Get-NtResourceManager Get-NtTransactionGuid Get-NtEnlistment New-NtEnlistment Get-RpcServerName Set-RpcServerName Set-NtFileHardlink Test-NetworkAccess Get-AccessibleScheduledTask Compare-RpcServer Select-RpcServer Add-NtTokenSecurityAttribute Remove-NtTokenSecurityAttribute Get-AccessibleEventTrace Test-NtToken Get-AccessibleToken Set-NtProcessJob Get-AccessibleWnf Get-AccessibleWindowStation Get-NtProcessJob Get-NtWindowStation Get-NtDesktop New-NtWindowStation New-NtDesktop
Functions
Get-AccessibleAlpcPort Set-NtTokenPrivilege Set-NtTokenIntegrityLevel Get-NtProcessMitigations New-NtKernelCrashDump New-NtObjectAttributes New-NtSecurityQualityOfService Get-NtLicenseValue Get-NtSystemEnvironmentValue New-Win32Process New-NtEaBuffer New-NtSectionImage New-Win32ProcessConfig Get-NtTokenFromProcess Get-ExecutableManifest New-NtProcess New-NtProcessConfig Get-NtFilePath Show-NtTokenEffective Show-NtSecurityDescriptor Get-NtIoControlCode Import-NtObject Export-NtObject Get-ExecutionAlias Set-ExecutionAlias Show-NtToken Show-NtSection Resolve-NtObjectAddress Invoke-NtToken Get-NtSecurityDescriptor Set-NtSecurityDescriptor Add-NtVirtualMemory Get-NtVirtualMemory Remove-NtVirtualMemory Set-NtVirtualMemory Read-NtVirtualMemory Write-NtVirtualMemory Get-EmbeddedAuthenticodeSignature Get-NtSidName New-SymbolResolver New-NdrParser Format-NdrComplexType Format-NdrProcedure Format-NdrComProxy Get-NdrComProxy Get-NdrRpcServerInterface Format-NdrRpcServerInterface Get-NtMappedSection Get-NtWnf Get-NtCachedSigningLevel Add-NtSecurityDescriptorDaclAce Get-NtFilePathType New-NtType Get-NtAlpcServer Get-RpcEndpoint Get-RpcServer Set-GlobalSymbolResolver Get-RunningService Copy-NtToken Get-RpcAlpcServer Get-NtObjectFromHandle Start-Win32ChildProcess Get-NtKeyValue Start-NtFileOplock Format-RpcServer Get-NtObjectInformation Set-NtObjectInformation Get-NtProcessMitigationPolicy Set-NtProcessMitigationPolicy Format-NtSecurityDescriptor Get-AppContainerProfile New-AppContainerProfile Get-RpcClient Format-RpcClient Set-RpcServer Connect-RpcClient New-RpcContextHandle Format-RpcComplexType Get-Win32File Close-NtObject Start-AccessibleScheduledTask Get-NtEaBuffer Set-NtEaBuffer Suspend-NtProcess Resume-NtProcess Stop-NtProcess Suspend-NtThread Resume-NtThread Stop-NtThread Format-NtToken Remove-NtTokenPrivilege Get-NtTokenPrivilege Get-NtLocallyUniqueId Get-NtTokenGroup Get-NtTokenSid Set-NtTokenSid Set-NtTokenGroup Get-NtDesktopName Get-NtWindowStationName Get-NtWindow Out-HexDump Get-NtTypeAccess
Dependencies
This module has no dependencies.
Release Notes
1.1.27
--------
* Added support for directory change notifications.
* Added New-NtDesktop, Get-NtDesktop and Get-NtDesktopName.
* Added New-NtWindowStation, Get-NtWindowStation and Get-NtWindowStationName.
* Changed Win32 error codes to an enumeration.
* Added Load/Unload driver.
* Added properties to NtType to show access masks.
* Added basic SendInput method.
* Added token source tab to Token Viewer.
* Updated for the Job object and New-NtJob.
* Added NtWindow class a HWND enumeration.
* Added Get-AccessibleWindowStation command.
* Added some well known WNF names.
* Added option to Get-AccessibleService to check file permissions.
* Added Set-NtProcessJob command.
* Added Get-AccessibleToken command.
* Added support for compound ACEs.
* Added Get/Sid-NtTokenSid and Get/Set-NtTokenGroup.
* Added Get-AccessibleEventTrace command.
* Added Get-AccessibleWnf command.
FileList
- NtObjectManager.nuspec
- Be.Windows.Forms.HexBox.dll
- EditSection.exe
- Formatters.ps1xml
- NDesk.Options.dll
- NtApiDotNet.dll
- NtObjectManager.dll
- NtObjectManager.dll-Help.xml
- NtObjectManager.psd1
- NtObjectManager.psm1
- TokenViewer.exe
- ViewSecurityDescriptor.exe
- WeifenLuo.WinFormsUI.Docking.dll
- en-US\about_ManagingNtObjectLifetime.help.txt
- en-US\about_NtObjectManagerProvider.help.txt
Version History
Version | Downloads | Last updated |
---|---|---|
2.0.1 | 96,946 | 11/15/2023 |
2.0.0 | 3,952 | 9/12/2023 |
2.0.0-alpha2... | 26 | 8/31/2023 |
1.1.33 | 42,403 | 1/22/2022 |
1.1.32 | 54,601 | 8/18/2021 |
1.1.31 | 4,665 | 3/16/2021 |
1.1.30 | 1,052 | 1/15/2021 |
1.1.29 | 1,071 | 11/23/2020 |
1.1.28 | 2,223 | 6/30/2020 |
1.1.27 (current version) | 2,176 | 2/10/2020 |
1.1.26 | 499 | 1/21/2020 |
1.1.25 | 491 | 1/2/2020 |
1.1.24 | 520 | 12/10/2019 |
1.1.23 | 965 | 10/15/2019 |
1.1.22 | 2,629 | 4/30/2019 |
1.1.21 | 207 | 4/23/2019 |
1.1.20 | 1,217 | 3/9/2019 |
1.1.19 | 211 | 2/4/2019 |
1.1.18 | 44 | 2/4/2019 |
1.1.17 | 681 | 9/9/2018 |
1.1.16 | 191 | 8/1/2018 |
1.1.15 | 241 | 6/18/2018 |
1.1.14 | 382 | 5/1/2018 |
1.1.13 | 120 | 4/4/2018 |
1.1.12 | 335 | 3/19/2018 |
1.1.11 | 142 | 3/4/2018 |
1.1.10 | 53 | 3/1/2018 |
1.1.9 | 86 | 2/22/2018 |
1.1.8 | 100 | 2/6/2018 |
1.1.7 | 109 | 1/11/2018 |
1.1.6 | 116 | 12/3/2017 |
1.1.5 | 59 | 11/23/2017 |
1.1.4 | 86 | 11/14/2017 |
1.1.3 | 76 | 11/5/2017 |
1.1.2 | 155 | 10/11/2017 |
1.1.1 | 377 | 8/30/2017 |
1.1.0 | 44 | 8/30/2017 |
1.0.9 | 103 | 8/19/2017 |
1.0.8 | 75 | 8/7/2017 |
1.0.7 | 211 | 6/14/2017 |
1.0.6 | 291 | 5/24/2017 |
1.0.5 | 40 | 5/24/2017 |
1.0.4 | 52 | 5/17/2017 |
1.0.3 | 104 | 2/23/2017 |
1.0.2 | 57 | 2/8/2017 |
1.0.1 | 287 | 11/3/2016 |
1.0 | 152 | 11/1/2016 |