Formatters.ps1xml
<?xml version="1.0" encoding="utf-8" ?>
<!--
  PowerShell formatting definitions. Each View names the .NET type it applies
  to and the properties to show as a table, list, wide or custom layout.
  ScriptBlock items are PowerShell expressions evaluated against the object
  being displayed, so this file should be reviewed like code, not like data.
-->
<Configuration>
  <!-- Named group of types, so that a single view can target both ACE classes. -->
  <SelectionSets>
    <SelectionSet>
      <Name>AceTypes</Name>
      <Types>
        <TypeName>NtApiDotNet.Ace</TypeName>
        <TypeName>NtApiDotNet.MandatoryLabelAce</TypeName>
      </Types>
    </SelectionSet>
  </SelectionSets>
  <ViewDefinitions>
    <!-- NtKeyEntry as a table: Name and TypeName only. -->
    <View>
      <Name>NtKeyEntryTable</Name>
      <ViewSelectedBy>
        <TypeName>NtObjectManager.Provider.NtKeyEntry</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>Name</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>TypeName</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>Name</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>TypeName</PropertyName></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!--
      NtKeyEntry as a list. SecurityDescriptor is rendered through ToSddl() and
      Values shows the value names only. Neither script block guards against a
      null SecurityDescriptor or Values property.
    -->
    <View>
      <Name>NtKeyEntryList</Name>
      <ViewSelectedBy>
        <TypeName>NtObjectManager.Provider.NtKeyEntry</TypeName>
      </ViewSelectedBy>
      <ListControl>
        <ListEntries>
          <ListEntry>
            <ListItems>
              <ListItem><PropertyName>Name</PropertyName></ListItem>
              <ListItem><PropertyName>TypeName</PropertyName></ListItem>
              <ListItem><PropertyName>IsDirectory</PropertyName></ListItem>
              <ListItem><PropertyName>IsSymbolicLink</PropertyName></ListItem>
              <ListItem><PropertyName>RelativePath</PropertyName></ListItem>
              <ListItem><PropertyName>SymbolicLinkTarget</PropertyName></ListItem>
              <ListItem><PropertyName>MaximumGrantedAccess</PropertyName></ListItem>
              <ListItem><ScriptBlock>$_.SecurityDescriptor.ToSddl()</ScriptBlock><Label>SecurityDescriptor</Label></ListItem>
              <ListItem><PropertyName>ValueCount</PropertyName></ListItem>
              <ListItem><ScriptBlock>$_.Values.Name</ScriptBlock><Label>Values</Label></ListItem>
            </ListItems>
          </ListEntry>
        </ListEntries>
      </ListControl>
    </View>
    <!-- NtDirectoryEntry as a table; the rest of this view follows. -->
    <View>
      <Name>NtDirectoryEntryTable</Name>
      <ViewSelectedBy>
        <TypeName>NtObjectManager.Provider.NtDirectoryEntry</TypeName>
<!-- Remainder of the NtDirectoryEntryTable view: a two-column table of Name and TypeName. -->
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>Name</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>TypeName</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>Name</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>TypeName</PropertyName></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- NtType: a single Name column. -->
    <View>
      <Name>NtTypeTable</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtType</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>Name</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>Name</PropertyName></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- Sid: the Name property next to the string form returned by ToString(). -->
    <View>
      <Name>SidTable</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.Sid</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>Name</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Sid</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>Name</PropertyName></TableColumnItem>
              <TableColumnItem><ScriptBlock>$_.ToString()</ScriptBlock></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- ACE table, applied to every type in the AceTypes selection set; the headers continue after this point. -->
    <View>
      <Name>AceTable</Name>
      <ViewSelectedBy>
        <SelectionSetName>AceTypes</SelectionSetName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>Type</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>User</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Flags</Label><Alignment>left</Alignment></TableColumnHeader>
<!-- Remainder of the AceTable view: the User column resolves the SID name and Mask is printed as hex, at least eight digits. -->
          <TableColumnHeader><Label>Mask</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>Type</PropertyName></TableColumnItem>
              <TableColumnItem><ScriptBlock>$_.Sid.Name</ScriptBlock></TableColumnItem>
              <TableColumnItem><PropertyName>Flags</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>Mask</PropertyName><FormatString>X08</FormatString></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!--
      ACE as a list. The first entry is the default layout; the second is
      selected when IsConditionalAce is set and adds the Condition property.
    -->
    <View>
      <Name>AceList</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.Ace</TypeName>
      </ViewSelectedBy>
      <ListControl>
        <ListEntries>
          <ListEntry>
            <ListItems>
              <ListItem><PropertyName>Type</PropertyName></ListItem>
              <ListItem><ScriptBlock>$_.Sid.Name</ScriptBlock><Label>User</Label></ListItem>
              <ListItem><PropertyName>Sid</PropertyName></ListItem>
              <ListItem><PropertyName>Flags</PropertyName></ListItem>
              <ListItem><PropertyName>Mask</PropertyName><FormatString>X08</FormatString></ListItem>
            </ListItems>
          </ListEntry>
          <ListEntry>
            <EntrySelectedBy>
              <SelectionCondition>
                <TypeName>NtApiDotNet.Ace</TypeName>
                <PropertyName>IsConditionalAce</PropertyName>
              </SelectionCondition>
            </EntrySelectedBy>
            <ListItems>
              <ListItem><PropertyName>Type</PropertyName></ListItem>
              <ListItem><ScriptBlock>$_.Sid.Name</ScriptBlock><Label>User</Label></ListItem>
              <ListItem><PropertyName>Sid</PropertyName></ListItem>
              <ListItem><PropertyName>Flags</PropertyName></ListItem>
              <ListItem><PropertyName>Mask</PropertyName><FormatString>X08</FormatString></ListItem>
              <ListItem><PropertyName>Condition</PropertyName></ListItem>
            </ListItems>
          </ListEntry>
        </ListEntries>
      </ListControl>
    </View>
    <!-- TokenPrivilege as a table; the second header is completed after this point. -->
    <View>
      <Name>TokenPrivilegeTable</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.TokenPrivilege</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>Name</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader>
<!-- Remainder of the TokenPrivilegeTable view: Name, Luid and Enabled columns. -->
            <Label>Luid</Label>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader><Label>Enabled</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>Name</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>Luid</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>Enabled</PropertyName></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- TokenPrivilege as a list: adds the raw Attributes and the DisplayName. -->
    <View>
      <Name>TokenPrivilegeList</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.TokenPrivilege</TypeName>
      </ViewSelectedBy>
      <ListControl>
        <ListEntries>
          <ListEntry>
            <ListItems>
              <ListItem><PropertyName>Name</PropertyName></ListItem>
              <ListItem><PropertyName>Luid</PropertyName></ListItem>
              <ListItem><PropertyName>Attributes</PropertyName></ListItem>
              <ListItem><PropertyName>Enabled</PropertyName></ListItem>
              <ListItem><PropertyName>DisplayName</PropertyName></ListItem>
            </ListItems>
          </ListEntry>
        </ListEntries>
      </ListControl>
    </View>
    <!-- Mandatory label ACE as a list: Flags, Policy and IntegrityLevel. -->
    <View>
      <Name>MandatoryLabelAceList</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.MandatoryLabelAce</TypeName>
      </ViewSelectedBy>
      <ListControl>
        <ListEntries>
          <ListEntry>
            <ListItems>
              <ListItem><PropertyName>Flags</PropertyName></ListItem>
              <ListItem><PropertyName>Policy</PropertyName></ListItem>
              <ListItem><PropertyName>IntegrityLevel</PropertyName></ListItem>
            </ListItems>
          </ListEntry>
        </ListEntries>
      </ListControl>
    </View>
    <!-- UserGroup as a table: the Name column is the resolved SID name; the second item is completed after this point. -->
    <View>
      <Name>UserGroupTable</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.UserGroup</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>Name</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Attributes</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><ScriptBlock>$_.Sid.Name</ScriptBlock></TableColumnItem>
              <TableColumnItem>
<!-- Remainder of the UserGroupTable view: closes the Attributes column item. -->
                <PropertyName>Attributes</PropertyName>
              </TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- UserGroup as a list: resolved name, the Sid itself, and Attributes. -->
    <View>
      <Name>UserGroupList</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.UserGroup</TypeName>
      </ViewSelectedBy>
      <ListControl>
        <ListEntries>
          <ListEntry>
            <ListItems>
              <ListItem><ScriptBlock>$_.Sid.Name</ScriptBlock><Label>Name</Label></ListItem>
              <ListItem><PropertyName>Sid</PropertyName></ListItem>
              <ListItem><PropertyName>Attributes</PropertyName></ListItem>
            </ListItems>
          </ListEntry>
        </ListEntries>
      </ListControl>
    </View>
    <!-- NtAtom as a table: Atom is printed as hex, at least four digits. -->
    <View>
      <Name>AtomTable</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtAtom</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>Atom</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Name</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>Atom</PropertyName><FormatString>X04</FormatString></TableColumnItem>
              <TableColumnItem><PropertyName>Name</PropertyName></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- NtAtom as a list: same two properties, Name first. -->
    <View>
      <Name>AtomList</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtAtom</TypeName>
      </ViewSelectedBy>
      <ListControl>
        <ListEntries>
          <ListEntry>
            <ListItems>
              <ListItem><PropertyName>Name</PropertyName></ListItem>
              <ListItem><PropertyName>Atom</PropertyName><FormatString>X04</FormatString></ListItem>
            </ListItems>
          </ListEntry>
        </ListEntries>
      </ListControl>
    </View>
    <!-- NtKey as a fixed-width table; the third header is completed after this point. -->
    <View>
      <Name>KeyTable</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtKey</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>Name</Label><Width>30</Width><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>LastWriteTime</Label><Width>20</Width><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader>
            <Label>SubKeyCount</Label>
            <Width>10</Width>
<!-- Remainder of the KeyTable view: finishes the SubKeyCount header, then ValueCount and the row items. -->
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader><Label>ValueCount</Label><Width>10</Width><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>Name</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>LastWriteTime</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>SubKeyCount</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>ValueCount</PropertyName></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!--
      NtToken summary: user name, group and privilege counts, and the
      AppContainer and Restricted flags. The first three columns are script
      blocks that read nested properties without a null check.
    -->
    <View>
      <Name>TokenTable</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtToken</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>User</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>GroupCount</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>PrivilegeCount</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>AppContainer</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Restricted</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><ScriptBlock>$_.User.Sid.Name</ScriptBlock></TableColumnItem>
              <TableColumnItem><ScriptBlock>$_.Groups.Length</ScriptBlock></TableColumnItem>
              <TableColumnItem><ScriptBlock>$_.Privileges.Length</ScriptBlock></TableColumnItem>
              <TableColumnItem><PropertyName>AppContainer</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>Restricted</PropertyName></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- NtSymbolicLink as a table; the first header is closed after this point. -->
    <View>
      <Name>SymlinkTable</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtSymbolicLink</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader>
            <Label>Name</Label>
            <Alignment>left</Alignment>
<!-- Remainder of the SymlinkTable view: closes the Name header, then the Target column. -->
          </TableColumnHeader>
          <TableColumnHeader><Label>Target</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>Name</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>Target</PropertyName></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!--
      NtObject as a table. The Handle column calls DangerousGetHandle() on the
      object's Handle property; in .NET that returns the raw handle value
      without taking a reference, so the number shown is for display only and
      is not guaranteed to stay valid once the object is closed.
    -->
    <View>
      <Name>ObjectTable</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtObject</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>Handle</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Name</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>NtTypeName</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Inherit</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>ProtectFromClose</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><ScriptBlock>$_.Handle.DangerousGetHandle()</ScriptBlock></TableColumnItem>
              <TableColumnItem><PropertyName>Name</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>NtTypeName</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>Inherit</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>ProtectFromClose</PropertyName></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- NtObject in wide layout: names only. -->
    <View>
      <Name>ObjectWide</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtObject</TypeName>
      </ViewSelectedBy>
      <WideControl>
        <WideEntries>
          <WideEntry>
            <WideItem>
              <PropertyName>Name</PropertyName>
            </WideItem>
          </WideEntry>
        </WideEntries>
      </WideControl>
    </View>
    <!-- NtHandle as a table; the first header is completed after this point. -->
    <View>
      <Name>NtHandleTable</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtHandle</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader>
<!-- Remainder of the NtHandleTable view: Object is printed as 16-digit hex and GrantedAccess as 8-digit hex (minimum widths). -->
            <Label>ProcessId</Label>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader><Label>Handle</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>ObjectType</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Object</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>GrantedAccess</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>ProcessId</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>Handle</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>ObjectType</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>Object</PropertyName><FormatString>X016</FormatString></TableColumnItem>
              <TableColumnItem><PropertyName>GrantedAccess</PropertyName><FormatString>X08</FormatString></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!--
      NtHandle as a list. Unlike the table, Handle is printed in hex here, and
      the list adds the decoded access strings, the object name and the
      security descriptor as SDDL. The list items are closed after this point.
    -->
    <View>
      <Name>NtHandleList</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtHandle</TypeName>
      </ViewSelectedBy>
      <ListControl>
        <ListEntries>
          <ListEntry>
            <ListItems>
              <ListItem><PropertyName>ProcessId</PropertyName></ListItem>
              <ListItem><PropertyName>ObjectType</PropertyName></ListItem>
              <ListItem><PropertyName>Attributes</PropertyName></ListItem>
              <ListItem><PropertyName>Handle</PropertyName><FormatString>X</FormatString></ListItem>
              <ListItem><PropertyName>Object</PropertyName><FormatString>X016</FormatString></ListItem>
              <ListItem><PropertyName>GrantedAccess</PropertyName><FormatString>X08</FormatString></ListItem>
              <ListItem><PropertyName>GrantedAccessString</PropertyName></ListItem>
              <ListItem><PropertyName>GrantedGenericAccessString</PropertyName></ListItem>
              <ListItem><PropertyName>Name</PropertyName></ListItem>
              <ListItem><ScriptBlock>$_.SecurityDescriptor.ToSddl()</ScriptBlock><Label>SecurityDescriptor</Label></ListItem>
<!-- Closes the NtHandleList view. -->
            </ListItems>
          </ListEntry>
        </ListEntries>
      </ListControl>
    </View>
    <!--
      Access check result: token id in hex, the granted access rendered as
      generic access names, and the resource name. Name is the only
      right-aligned column in this view.
    -->
    <View>
      <Name>AccessCheckResult</Name>
      <ViewSelectedBy>
        <TypeName>NtObjectManager.Cmdlets.Accessible.CommonAccessCheckResult</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>TokenId</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Access</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Name</Label><Alignment>right</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>TokenId</PropertyName><FormatString>X</FormatString></TableColumnItem>
              <TableColumnItem><PropertyName>GrantedGenericAccessString</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>Name</PropertyName></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- Executable manifest: the UiAccess, AutoElevate and ExecutionLevel settings beside the file name. -->
    <View>
      <Name>ExecutableManifest</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.Win32.ExecutableManifest</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>Name</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>UiAccess</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>AutoElevate</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>ExecutionLevel</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>Name</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>UiAccess</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>AutoElevate</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>ExecutionLevel</PropertyName></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- Process information view; its type selector follows. -->
    <View>
      <Name>NtProcessInformation</Name>
      <ViewSelectedBy>
<!-- Remainder of the NtProcessInformation view: the short labels PID, PPID and Name map to ProcessId, ParentProcessId and ImageName. -->
        <TypeName>NtApiDotNet.NtProcessInformation</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>PID</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>PPID</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Name</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>SessionId</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>ProcessId</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>ParentProcessId</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>ImageName</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>SessionId</PropertyName></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!--
      Thread information: TID and PID map to ThreadId and ProcessId.
      StartAddress uses X08, a minimum of eight hex digits, while other address
      columns in this file use X016; wider values still print in full, they
      are just not zero-padded to the same width.
    -->
    <View>
      <Name>NtThreadInformation</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtThreadInformation</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>TID</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>PID</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>ProcessName</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>StartAddress</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>ThreadId</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>ProcessId</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>ProcessName</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>StartAddress</PropertyName><FormatString>X08</FormatString></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- RPC endpoint view; its type selector follows. -->
    <View>
      <Name>RpcEndpoint</Name>
      <ViewSelectedBy>
<!-- Remainder of the RpcEndpoint view: UUID, Version and Protocol map to InterfaceId, InterfaceVersion and ProtocolSequence. -->
        <TypeName>NtApiDotNet.Win32.RpcEndpoint</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>UUID</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Version</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Protocol</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Endpoint</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Annotation</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>InterfaceId</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>InterfaceVersion</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>ProtocolSequence</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>Endpoint</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>Annotation</PropertyName></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- RPC server summary with abbreviated headers; the first row item is closed after this point. -->
    <View>
      <Name>RpcServer</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.Win32.RpcServer</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>Name</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>UUID</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Ver</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Procs</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>EPs</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Service</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Running</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem>
                <PropertyName>Name</PropertyName>
<!-- Remainder of the RpcServer view: Procs, EPs, Service and Running map to ProcedureCount, EndpointCount, ServiceName and IsServiceRunning. -->
              </TableColumnItem>
              <TableColumnItem><PropertyName>InterfaceId</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>InterfaceVersion</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>ProcedureCount</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>EndpointCount</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>ServiceName</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>IsServiceRunning</PropertyName></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- Registry key value: name, type and the decoded DataObject. -->
    <View>
      <Name>NtKeyValue</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtKeyValue</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>Name</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Type</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>DataObject</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>Name</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>Type</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>DataObject</PropertyName></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- NTSTATUS result: the status code in hex, followed after this point by its name and message. -->
    <View>
      <Name>NtStatusResultTable</Name>
      <ViewSelectedBy>
        <TypeName>NtObjectManager.Cmdlets.Object.NtStatusResult</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>Status</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>StatusName</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Message</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>Status</PropertyName><FormatString>X08</FormatString></TableColumnItem>
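<!-- Remainder of the NtStatusResultTable view: the StatusName and Message row items. -->
              <TableColumnItem><PropertyName>StatusName</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>Message</PropertyName></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!--
      I/O control code broken into its fields. The Function column is
      right-aligned; the value is written in lower case to match every other
      Alignment value in this file.
    -->
    <View>
      <Name>NtIoControlCode</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtIoControlCode</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>DeviceType</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Function</Label><Alignment>right</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Method</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Access</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Name</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>DeviceType</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>Function</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>Method</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>Access</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>Name</PropertyName></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- Access mask: one fixed-width column showing the mask as hex, at least eight digits. -->
    <View>
      <Name>AccessMask</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.AccessMask</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>Access</Label><Width>10</Width><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>Access</PropertyName><FormatString>X08</FormatString></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- Mapped section view; its table definition follows. -->
    <View>
      <Name>NtMappedSection</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtMappedSection</TypeName>
      </ViewSelectedBy>
      <TableControl>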
<!-- Remainder of the NtMappedSection view: the Length and Path labels map to the LongLength and FullPath properties. -->
        <TableHeaders>
          <TableColumnHeader><Label>BaseAddress</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Protection</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Length</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Path</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>BaseAddress</PropertyName><FormatString>X016</FormatString></TableColumnItem>
              <TableColumnItem><PropertyName>Protection</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>LongLength</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>FullPath</PropertyName></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- Running service: name, status and hosting process id. -->
    <View>
      <Name>RunningService</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.Win32.RunningService</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>Name</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Status</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>ProcessId</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>Name</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>Status</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>ProcessId</PropertyName></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- Access mask entry view; the second header is closed after this point. -->
    <View>
      <Name>AccessMaskEntry</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.AccessMaskEntry</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>Mask</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader>
            <Label>Value</Label>
            <Alignment>left</Alignment>
<!-- Remainder of the AccessMaskEntry view: closes the Value header, then GenericAccess and the row items. -->
          </TableColumnHeader>
          <TableColumnHeader><Label>GenericAccess</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>Mask</PropertyName><FormatString>X08</FormatString></TableColumnItem>
              <TableColumnItem><PropertyName>Value</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>GenericAccess</PropertyName></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!--
      Security descriptor summary. Every column is a script block that prints a
      word instead of a number for the special cases:
        Owner            NONE when Owner is null, otherwise the owner SID name.
        DACL ACE Count   NONE when DaclPresent is false, NULL DACL when
                         Dacl.NullAcl is set, otherwise DaclAceCount.
        SACL ACE Count   same three cases for the SACL.
        Integrity Level  NONE when there is no mandatory label ACE.
      When reading the DACL column, keep in mind that on Windows an absent or
      NULL DACL places no discretionary restriction on access, whereas a count
      of 0 is an empty DACL that grants nothing; the three outputs are not
      interchangeable.
    -->
    <View>
      <Name>SecurityDescriptorTable</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.SecurityDescriptor</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>Owner</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>DACL ACE Count</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>SACL ACE Count</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Integrity Level</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem>
                <ScriptBlock>if ($_.Owner -ne $null) { $_.Owner.Sid.Name } else { "NONE" }</ScriptBlock>
              </TableColumnItem>
              <TableColumnItem>
                <ScriptBlock>if (-not $_.DaclPresent) { "NONE" } elseif ($_.Dacl.NullAcl) { "NULL DACL" } else { $_.DaclAceCount }</ScriptBlock>
              </TableColumnItem>
              <TableColumnItem>
                <ScriptBlock>if (-not $_.SaclPresent) { "NONE" } elseif ($_.Sacl.NullAcl) { "NULL SACL" } else { $_.SaclAceCount }</ScriptBlock>
              </TableColumnItem>
              <TableColumnItem>
                <ScriptBlock>if (-not $_.HasMandatoryLabelAce) { "NONE" } else { $_.IntegrityLevel }</ScriptBlock>
              </TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- WNF state view; the first header is completed after this point. -->
    <View>
      <Name>NtWnf</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtWnf</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader>
            <Label>Name</Label>
<!-- Remainder of the NtWnf view: fixed column widths; the Subscribers label maps to the SubscribersPresent property. -->
            <Width>50</Width>
            <Alignment>left</Alignment>
          </TableColumnHeader>
          <TableColumnHeader><Label>Lifetime</Label><Width>9</Width><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Subscribers</Label><Width>11</Width><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>Name</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>Lifetime</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>SubscribersPresent</PropertyName></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- Window: handle, owning process and thread ids, and class name. -->
    <View>
      <Name>NtWindow</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.NtWindow</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>Handle</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>ProcessId</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>ThreadId</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>ClassName</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>Handle</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>ProcessId</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>ThreadId</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>ClassName</PropertyName></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- DLL export view; the third header is completed after this point. -->
    <View>
      <Name>DllExport</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.Win32.DllExport</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>Ordinal</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Name</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader>
            <Label>Address</Label>
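<!-- Remainder of the DllExport view: the Address column shows the Forwarder string when Address is 0, otherwise the address as 0x-prefixed hex. -->
            <Alignment>left</Alignment>
          </TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>Ordinal</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>Name</PropertyName></TableColumnItem>
              <TableColumnItem>
                <ScriptBlock>if ($_.Address -eq 0) { $_.Forwarder } else { "0x{0:X}" -f $_.Address }</ScriptBlock>
              </TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- Imported function: name and address in hex, at least eight digits. -->
    <View>
      <Name>DllImportFunction</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.Win32.DllImportFunction</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>Name</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>Address</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>Name</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>Address</PropertyName><FormatString>X08</FormatString></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!-- Imported DLL: name, number of imported functions, and whether it is delay loaded. -->
    <View>
      <Name>DllImport</Name>
      <ViewSelectedBy>
        <TypeName>NtApiDotNet.Win32.DllImport</TypeName>
      </ViewSelectedBy>
      <TableControl>
        <TableHeaders>
          <TableColumnHeader><Label>DllName</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>FunctionCount</Label><Alignment>left</Alignment></TableColumnHeader>
          <TableColumnHeader><Label>DelayLoaded</Label><Alignment>left</Alignment></TableColumnHeader>
        </TableHeaders>
        <TableRowEntries>
          <TableRowEntry>
            <TableColumnItems>
              <TableColumnItem><PropertyName>DllName</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>FunctionCount</PropertyName></TableColumnItem>
              <TableColumnItem><PropertyName>DelayLoaded</PropertyName></TableColumnItem>
            </TableColumnItems>
          </TableRowEntry>
        </TableRowEntries>
      </TableControl>
    </View>
    <!--
      Process mitigation report. This view is selected for
      NtApiDotNet.NtProcessMitigations but was named DllImport, duplicating the
      view directly above (apparently a copy and paste leftover). It is named
      after its type here so that a view name identifies exactly one layout.
    -->
    <View>
      <Name>NtProcessMitigations</Name>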
<ViewSelectedBy> <TypeName>NtApiDotNet.NtProcessMitigations</TypeName> </ViewSelectedBy> <CustomControl> <CustomEntries> <CustomEntry> <CustomItem> <Text><PROCESS </Text> <ExpressionBinding> <ScriptBlock>$_.ProcessId</ScriptBlock> </ExpressionBinding> <Text> - </Text> <ExpressionBinding> <ScriptBlock>$_.Name</ScriptBlock> </ExpressionBinding> <Text>></Text> <NewLine/> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <Text>ImagePath: </Text> <ExpressionBinding> <ScriptBlock>$_.ImagePath</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>Win32ImagePath: </Text> <ExpressionBinding> <ScriptBlock>$_.Win32ImagePath</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>CommandLine: </Text> <ExpressionBinding> <ScriptBlock>$_.CommandLine</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>IsRestricted: </Text> <ExpressionBinding> <ScriptBlock>$_.IsRestricted</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>IsAppContainer: </Text> <ExpressionBinding> <ScriptBlock>$_.IsAppContainer</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>IsLowPrivilegeAppContainer: </Text> <ExpressionBinding> <ScriptBlock>$_.IsLowPrivilegeAppContainer</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>IntegrityLevel: </Text> <ExpressionBinding> <ScriptBlock>$_.IntegrityLevel</ScriptBlock> </ExpressionBinding> <NewLine/> </CustomItem> </Frame> <NewLine/> <Text>[SYSTEM CALL DISABLE]</Text> <NewLine/> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <Text>DisallowWin32kSystemCalls: </Text> <ExpressionBinding> <ScriptBlock>$_.DisallowWin32kSystemCalls</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>AuditDisallowWin32kSystemCalls: </Text> <ExpressionBinding> <ScriptBlock>$_.AuditDisallowWin32kSystemCalls</ScriptBlock> </ExpressionBinding> <NewLine/> </CustomItem> </Frame> <NewLine/> <Text>[DEP]</Text> <NewLine/> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <Text>DepEnabled: </Text> <ExpressionBinding> <ScriptBlock>$_.DepEnabled</ScriptBlock> </ExpressionBinding> <NewLine/> 
<Text>DisableAtlThunkEmulation: </Text> <ExpressionBinding> <ScriptBlock>$_.DisableAtlThunkEmulation</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>DepPermanent: </Text> <ExpressionBinding> <ScriptBlock>$_.DepPermanent</ScriptBlock> </ExpressionBinding> <NewLine/> </CustomItem> </Frame> <NewLine/> <Text>[ASLR]</Text> <NewLine/> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <Text>EnableBottomUpRandomization: </Text> <ExpressionBinding> <ScriptBlock>$_.EnableBottomUpRandomization</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>EnableForceRelocateImages: </Text> <ExpressionBinding> <ScriptBlock>$_.EnableForceRelocateImages</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>EnableHighEntropy: </Text> <ExpressionBinding> <ScriptBlock>$_.EnableHighEntropy</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>DisallowStrippedImages: </Text> <ExpressionBinding> <ScriptBlock>$_.DisallowStrippedImages</ScriptBlock> </ExpressionBinding> <NewLine/> </CustomItem> </Frame> <NewLine/> <Text>[STRICT HANDLE CHECK]</Text> <NewLine/> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <Text>RaiseExceptionOnInvalidHandleReference: </Text> <ExpressionBinding> <ScriptBlock>$_.RaiseExceptionOnInvalidHandleReference</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>HandleExceptionsPermanentlyEnabled: </Text> <ExpressionBinding> <ScriptBlock>$_.HandleExceptionsPermanentlyEnabled</ScriptBlock> </ExpressionBinding> <NewLine/> </CustomItem> </Frame> <NewLine/> <Text>[FONT DISABLE]</Text> <NewLine/> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <Text>DisableNonSystemFonts: </Text> <ExpressionBinding> <ScriptBlock>$_.DisableNonSystemFonts</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>AuditNonSystemFontLoading: </Text> <ExpressionBinding> <ScriptBlock>$_.AuditNonSystemFontLoading</ScriptBlock> </ExpressionBinding> <NewLine/> </CustomItem> </Frame> <NewLine/> <Text>[DYNAMIC CODE]</Text> <NewLine/> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <Text>ProhibitDynamicCode: </Text> 
<ExpressionBinding> <ScriptBlock>$_.ProhibitDynamicCode</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>AllowThreadOptOut: </Text> <ExpressionBinding> <ScriptBlock>$_.AllowThreadOptOut</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>AllowRemoteDowngrade: </Text> <ExpressionBinding> <ScriptBlock>$_.AllowRemoteDowngrade</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>AuditProhibitDynamicCode: </Text> <ExpressionBinding> <ScriptBlock>$_.AuditProhibitDynamicCode</ScriptBlock> </ExpressionBinding> <NewLine/> </CustomItem> </Frame> <NewLine/> <Text>[EXTENSION POINTS]</Text> <NewLine/> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <Text>DisableExtensionPoints: </Text> <ExpressionBinding> <ScriptBlock>$_.DisableExtensionPoints</ScriptBlock> </ExpressionBinding> <NewLine/> </CustomItem> </Frame> <NewLine/> <Text>[CONTROL FLOW GUARD]</Text> <NewLine/> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <Text>EnabledControlFlowGuard: </Text> <ExpressionBinding> <ScriptBlock>$_.EnabledControlFlowGuard</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>EnableExportSuppression: </Text> <ExpressionBinding> <ScriptBlock>$_.EnableExportSuppression</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>ControlFlowGuardStrictMode: </Text> <ExpressionBinding> <ScriptBlock>$_.ControlFlowGuardStrictMode</ScriptBlock> </ExpressionBinding> <NewLine/> </CustomItem> </Frame> <NewLine/> <Text>[SIGNATURE]</Text> <NewLine/> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <Text>MicrosoftSignedOnly: </Text> <ExpressionBinding> <ScriptBlock>$_.MicrosoftSignedOnly</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>StoreSignedOnly: </Text> <ExpressionBinding> <ScriptBlock>$_.StoreSignedOnly</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>SignedMitigationOptIn: </Text> <ExpressionBinding> <ScriptBlock>$_.SignedMitigationOptIn</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>AuditMicrosoftSignedOnly: </Text> <ExpressionBinding> <ScriptBlock>$_.AuditMicrosoftSignedOnly</ScriptBlock> 
</ExpressionBinding> <NewLine/> <Text>AuditStoreSignedOnly: </Text> <ExpressionBinding> <ScriptBlock>$_.AuditStoreSignedOnly</ScriptBlock> </ExpressionBinding> <NewLine/> </CustomItem> </Frame> <NewLine/> <Text>[IMAGE LOAD]</Text> <NewLine/> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <Text>NoRemoteImages: </Text> <ExpressionBinding> <ScriptBlock>$_.NoRemoteImages</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>NoLowMandatoryLabelImages: </Text> <ExpressionBinding> <ScriptBlock>$_.NoLowMandatoryLabelImages</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>PreferSystem32Images: </Text> <ExpressionBinding> <ScriptBlock>$_.PreferSystem32Images</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>AuditNoRemoteImages: </Text> <ExpressionBinding> <ScriptBlock>$_.AuditNoRemoteImages</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>AuditNoLowMandatoryLabelImages: </Text> <ExpressionBinding> <ScriptBlock>$_.AuditNoLowMandatoryLabelImages</ScriptBlock> </ExpressionBinding> <NewLine/> </CustomItem> </Frame> <NewLine/> <Text>[SYSTEM CALL FILTER]</Text> <NewLine/> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <Text>SystemCallFilterId: </Text> <ExpressionBinding> <ScriptBlock>$_.SystemCallFilterId</ScriptBlock> </ExpressionBinding> <NewLine/> </CustomItem> </Frame> <NewLine/> <Text>[CHILD PROCESS]</Text> <NewLine/> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <Text>NoChildProcessCreation: </Text> <ExpressionBinding> <ScriptBlock>$_.NoChildProcessCreation</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>AuditNoChildProcessCreation: </Text> <ExpressionBinding> <ScriptBlock>$_.AuditNoChildProcessCreation</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>AllowSecureProcessCreation: </Text> <ExpressionBinding> <ScriptBlock>$_.AllowSecureProcessCreation</ScriptBlock> </ExpressionBinding> <NewLine/> </CustomItem> </Frame> <NewLine/> <Text>[PAYLOAD RESTRICTIONS]</Text> <NewLine/> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <Text>EnableExportAddressFilter: 
</Text> <ExpressionBinding> <ScriptBlock>$_.EnableExportAddressFilter</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>AuditExportAddressFilter: </Text> <ExpressionBinding> <ScriptBlock>$_.AuditExportAddressFilter</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>EnableExportAddressFilterPlus: </Text> <ExpressionBinding> <ScriptBlock>$_.EnableExportAddressFilterPlus</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>AuditExportAddressFilterPlus: </Text> <ExpressionBinding> <ScriptBlock>$_.AuditExportAddressFilterPlus</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>EnableImportAddressFilter: </Text> <ExpressionBinding> <ScriptBlock>$_.EnableImportAddressFilter</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>AuditImportAddressFilter: </Text> <ExpressionBinding> <ScriptBlock>$_.AuditImportAddressFilter</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>EnableRopStackPivot: </Text> <ExpressionBinding> <ScriptBlock>$_.EnableRopStackPivot</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>AuditRopStackPivot: </Text> <ExpressionBinding> <ScriptBlock>$_.AuditRopStackPivot</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>EnableRopCallerCheck: </Text> <ExpressionBinding> <ScriptBlock>$_.EnableRopCallerCheck</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>AuditRopCallerCheck: </Text> <ExpressionBinding> <ScriptBlock>$_.AuditRopCallerCheck</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>EnableRopSimExec: </Text> <ExpressionBinding> <ScriptBlock>$_.EnableRopSimExec</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>AuditRopSimExec: </Text> <ExpressionBinding> <ScriptBlock>$_.AuditRopSimExec</ScriptBlock> </ExpressionBinding> <NewLine/> </CustomItem> </Frame> <NewLine/> <Text>[SIDE CHANNEL ISOLATION]</Text> <NewLine/> <Frame> <LeftIndent>2</LeftIndent> <CustomItem> <Text>SmtBranchTargetIsolation: </Text> <ExpressionBinding> <ScriptBlock>$_.SmtBranchTargetIsolation</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>IsolateSecurityDomain: </Text> 
<ExpressionBinding> <ScriptBlock>$_.IsolateSecurityDomain</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>DisablePageCombine: </Text> <ExpressionBinding> <ScriptBlock>$_.DisablePageCombine</ScriptBlock> </ExpressionBinding> <NewLine/> <Text>SpeculativeStoreBypassDisable: </Text> <ExpressionBinding> <ScriptBlock>$_.SpeculativeStoreBypassDisable</ScriptBlock> </ExpressionBinding> <NewLine/> </CustomItem> </Frame> </CustomItem> </CustomEntry> </CustomEntries> </CustomControl> </View> <View> <Name>ObjectDirectoryInformationTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.ObjectDirectoryInformation</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>TypeName</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>NtTypeName</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>AuthenticationPackageTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Security.Authentication.AuthenticationPackage</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Comment</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Capabilities</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Comment</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Capabilities</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> 
<View> <Name>SafeLoadLibraryHandleTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.SafeLoadLibraryHandle</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>ImageBase</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>EntryPoint</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>ImageBase</PropertyName> <FormatString>X016</FormatString> </TableColumnItem> <TableColumnItem> <PropertyName>EntryPointAddress</PropertyName> <FormatString>X016</FormatString> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>ProcessModuleTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.ProcessModule</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>ImageBase</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>ImageSize</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>ImageBase</PropertyName> <FormatString>X016</FormatString> </TableColumnItem> <TableColumnItem> <PropertyName>ImageSize</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>SafeKernelObjectHandleTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.SafeKernelObjectHandle</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Handle</Label> <Alignment>left</Alignment> </TableColumnHeader> 
<TableColumnHeader> <Label>NtTypeName</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Inherit</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>ProtectFromClose</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>IsClosed</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <ScriptBlock>$_.DangerousGetHandle()</ScriptBlock> </TableColumnItem> <TableColumnItem> <PropertyName>NtTypeName</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Inherit</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>ProtectFromClose</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>IsClosed</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>MemoryInformationTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.MemoryInformation</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Address</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Size</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Protect</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Type</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>State</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>BaseAddress</PropertyName> <FormatString>X016</FormatString> </TableColumnItem> <TableColumnItem> <PropertyName>RegionSize</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Protect</PropertyName> </TableColumnItem> <TableColumnItem> 
<PropertyName>Type</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>State</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>PrivilegeCheckResultTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.PrivilegeCheckResult</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>EnabledPrivileges</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>AllPrivilegesHeld</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>EnabledPrivileges</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>AllPrivilegesHeld</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>ClaimSecurityAttributeTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.ClaimSecurityAttribute</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Flags</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>ValueType</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Values</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Flags</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>ValueType</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Values</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>SecurityDescriptorInheritanceSourceTable</Name> 
<ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Security.Authorization.SecurityDescriptorInheritanceSource</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Depth</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>User</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Access</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Depth</PropertyName> </TableColumnItem> <TableColumnItem> <ScriptBlock>$_.Sid.Name</ScriptBlock> </TableColumnItem> <TableColumnItem> <PropertyName>GenericAccess</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>Win32SetSecurityDescriptorResultTable</Name> <ViewSelectedBy> <TypeName>NtObjectManager.Cmdlets.Win32.Win32SetSecurityDescriptorResult</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>SecuritySet</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Error</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>SecuritySet</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Error</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>ObjectTypeTreeTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Utilities.Security.ObjectTypeTree</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> 
<TableColumnHeader> <Label>ObjectType</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Node Count</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>ObjectType</PropertyName> </TableColumnItem> <TableColumnItem> <ScriptBlock>$_.Nodes.Count</ScriptBlock> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>AuthZAccessCheckResultGenericTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Security.Authorization.AuthZAccessCheckResult</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Error</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Granted Access</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Privileges</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Error</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>SpecificGenericGrantedAccess</PropertyName> </TableColumnItem> <TableColumnItem> <ScriptBlock>if ($_.PrivilegesRequired.Count -gt 0) { $_.PrivilegesRequired } else { "NONE" }</ScriptBlock> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>AccessCheckResultGenericTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.AccessCheckResultGeneric</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Status</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Granted Access</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Privileges</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> 
<PropertyName>Status</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>SpecificGenericGrantedAccess</PropertyName> </TableColumnItem> <TableColumnItem> <ScriptBlock>if ($_.PrivilegesRequired.Count -gt 0) { $_.PrivilegesRequired } else { "NONE" }</ScriptBlock> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>CentralAccessPolicyTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Security.Policy.CentralAccessPolicy</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>CapId</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Description</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>CapId</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Description</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>CentralAccessRuleTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Security.Policy.CentralAccessRule</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Description</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>AppliesTo</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Description</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>AppliesTo</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> 
</TableRowEntries> </TableControl> </View> <View> <Name>AuditCategoryTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Security.Audit.AuditCategory</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>SubCategory Count</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <ScriptBlock>$_.SubCategories.Count</ScriptBlock> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>AuditSubCategoryTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Security.Audit.AuditSubCategory</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Policy</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Policy</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>AuditPerUserCategoryTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Security.Audit.AuditPerUserCategory</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>User</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>SubCategory Count</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> 
<ScriptBlock>$_.User.Name</ScriptBlock> </TableColumnItem> <TableColumnItem> <ScriptBlock>$_.SubCategories.Count</ScriptBlock> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>AuditPerUserSubCategoryTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Security.Audit.AuditPerUserSubCategory</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>User</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Policy</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <ScriptBlock>$_.User.Name</ScriptBlock> </TableColumnItem> <TableColumnItem> <PropertyName>Policy</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>LogonSessionTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Security.Authentication.LogonSession</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>LogonId</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>UserName</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>LogonType</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>SessionId</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>LogonId</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>FullQualifiedUserName</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>LogonType</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>SessionId</PropertyName> </TableColumnItem> 
</TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>AccountRightTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Security.Policy.AccountRight</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Sids</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <ScriptBlock>[string]::Join(", ", $_.Sids.Name)</ScriptBlock> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>ConsoleSessionTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.ConsoleSession</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>SessionId</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>UserName</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>SessionName</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>State</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>SessionId</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>FullQualifiedUserName</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>SessionName</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>State</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>LuidTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Luid</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>LUID</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> 
<TableRowEntry> <TableColumnItems> <TableColumnItem> <ScriptBlock>$_</ScriptBlock> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>NtlmAuthenticationTokenTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Security.Authentication.Ntlm.NtlmAuthenticationToken</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>MessageType</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Flags</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>MessageType</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Flags</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>KerberosAuthenticationKeyTable</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Security.Authentication.Kerberos.KerberosAuthenticationKey</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>KeyEncryption</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Principal</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>NameType</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>KeyEncryption</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Principal</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>NameType</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>FilterDriver</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Filter.FilterDriver</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> 
<TableColumnHeader> <Label>Altitude</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>NumberOfInstances</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Altitude</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>NumberOfInstances</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>FilterInstance</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Filter.FilterInstance</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Altitude</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>VolumeName</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>FilterName</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Altitude</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>VolumeName</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>FilterName</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <View> <Name>FilterVolume</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Filter.FilterVolume</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>FilterVolumeName</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>FileSystemType</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> 
<PropertyName>FilterVolumeName</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>FileSystemType</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- DeviceSetupClass: table view selected by NtApiDotNet.Win32.Device.DeviceSetupClass showing the Name, FriendlyName and Class properties. --><View> <Name>DeviceSetupClass</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Device.DeviceSetupClass</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>FriendlyName</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Class</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>FriendlyName</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Class</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- DeviceProperty: table view selected by NtApiDotNet.Win32.Device.DeviceProperty. Name and Type are read as properties; the Data column has no backing property and is produced by a script block that calls FormatData() on the object, so that method is invoked each time a row is rendered. --><View> <Name>DeviceProperty</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Device.DeviceProperty</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Type</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Data</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Type</PropertyName> </TableColumnItem> <TableColumnItem> <ScriptBlock>$_.FormatData()</ScriptBlock> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- DeviceNode: table view with Name, HasChildren and InstanceId columns. The view is named DeviceNode but is selected by the type NtApiDotNet.Win32.Device.DeviceTreeNode. --><View> <Name>DeviceNode</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Device.DeviceTreeNode</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> 
<TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>HasChildren</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>InstanceId</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>HasChildren</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>InstanceId</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- DeviceInstance: table view with Name and InstanceId columns. The view is named DeviceInstance but is selected by the type NtApiDotNet.Win32.Device.DeviceNode. --><View> <Name>DeviceInstance</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Device.DeviceNode</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>InstanceId</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>InstanceId</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- DeviceInterfaceClass: table view selected by NtApiDotNet.Win32.Device.DeviceInterfaceClass showing the Name and Class properties. --><View> <Name>DeviceInterfaceClass</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Device.DeviceInterfaceClass</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Class</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Class</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- DeviceInterfaceInstance: single-column table view selected by NtApiDotNet.Win32.Device.DeviceInterfaceInstance; only SymbolicLinkPath is shown. --><View> <Name>DeviceInterfaceInstance</Name> <ViewSelectedBy> 
<TypeName>NtApiDotNet.Win32.Device.DeviceInterfaceInstance</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>SymbolicLinkPath</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>SymbolicLinkPath</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- DeviceStackEntry: table view selected by NtApiDotNet.Win32.Device.DeviceStackEntry showing the Driver and Type properties. --><View> <Name>DeviceStackEntry</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Device.DeviceStackEntry</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Driver</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Type</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Driver</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Type</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- FileIdDirectoryEntry: table view selected by NtApiDotNet.FileIdDirectoryEntry with FileName, FileId, FileSize and Attributes columns. The FileSize header is filled from the EndOfFile property; the other columns read the property named in the header. --><View> <Name>FileIdDirectoryEntry</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.FileIdDirectoryEntry</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>FileName</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>FileId</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>FileSize</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Attributes</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>FileName</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>FileId</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>EndOfFile</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Attributes</PropertyName> </TableColumnItem> 
</TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- FileBothDirectoryEntry: table view selected by NtApiDotNet.FileBothDirectoryEntry with FileName, ShortName, FileSize and Attributes columns. The FileSize header is filled from the EndOfFile property. --><View> <Name>FileBothDirectoryEntry</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.FileBothDirectoryEntry</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>FileName</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>ShortName</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>FileSize</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Attributes</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>FileName</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>ShortName</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>EndOfFile</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Attributes</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- FileIdBothDirectoryEntry: table view selected by NtApiDotNet.FileIdBothDirectoryEntry with FileName, ShortName, FileId, FileSize and Attributes columns, in that order. --><View> <Name>FileIdBothDirectoryEntry</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.FileIdBothDirectoryEntry</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>FileName</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>ShortName</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>FileId</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>FileSize</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Attributes</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>FileName</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>ShortName</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>FileId</PropertyName> </TableColumnItem> 
<!-- This item fills the fourth column of the FileIdBothDirectoryEntry view, whose header is FileSize, from the EndOfFile property. --><TableColumnItem> <PropertyName>EndOfFile</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Attributes</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- FileDirectoryEntry: table view selected by NtApiDotNet.FileDirectoryEntry with FileName, FileSize and Attributes columns. The FileSize header is filled from the EndOfFile property. --><View> <Name>FileDirectoryEntry</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.FileDirectoryEntry</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>FileName</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>FileSize</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Attributes</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>FileName</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>EndOfFile</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Attributes</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- DirectoryChangeNotificationExtended: table view selected by NtApiDotNet.DirectoryChangeNotificationExtended with Action, FileName, FileSize and FileAttributes columns. Unlike the directory entry views in this file, FileSize here reads a property that is itself named FileSize. --><View> <Name>DirectoryChangeNotificationExtended</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.DirectoryChangeNotificationExtended</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Action</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>FileName</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>FileSize</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>FileAttributes</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Action</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>FileName</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>FileSize</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>FileAttributes</PropertyName> </TableColumnItem> 
</TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- DirectoryChangeNotification: table view selected by NtApiDotNet.DirectoryChangeNotification showing the Action and FileName properties. --><View> <Name>DirectoryChangeNotification</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.DirectoryChangeNotification</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Action</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>FileName</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Action</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>FileName</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- NtFileReparsePoint: table view selected by NtApiDotNet.NtFileReparsePoint showing the Tag and FullPath properties. --><View> <Name>NtFileReparsePoint</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.NtFileReparsePoint</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Tag</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>FullPath</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Tag</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>FullPath</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- NtFileObjectId: table view selected by NtApiDotNet.NtFileObjectId showing the ObjectId and FullPath properties. --><View> <Name>NtFileObjectId</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.NtFileObjectId</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>ObjectId</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>FullPath</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>ObjectId</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>FullPath</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> 
<!-- MountPoint: table view selected by NtApiDotNet.IO.MountPointManager.MountPoint showing the SymbolicLinkName and DeviceName properties. --><View> <Name>MountPoint</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.IO.MountPointManager.MountPoint</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>SymbolicLinkName</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>DeviceName</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>SymbolicLinkName</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>DeviceName</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- MountPointReparseBuffer: table view selected by NtApiDotNet.MountPointReparseBuffer showing Tag, SubstitutionName and PrintName. NOTE(review): in the Windows reparse data layout the substitution name is the path that is followed and the print name is display text; showing both side by side lets a reader notice entries where they disagree. Confirm these properties map to those fields. --><View> <Name>MountPointReparseBuffer</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.MountPointReparseBuffer</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Tag</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>SubstitutionName</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>PrintName</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Tag</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>SubstitutionName</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>PrintName</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- SymlinkReparseBuffer: table view selected by NtApiDotNet.SymlinkReparseBuffer showing Tag, Flags, SubstitutionName and PrintName. --><View> <Name>SymlinkReparseBuffer</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.SymlinkReparseBuffer</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Tag</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Flags</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>SubstitutionName</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>PrintName</Label> 
<Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Tag</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Flags</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>SubstitutionName</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>PrintName</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- OpaqueReparseBuffer: table view selected by NtApiDotNet.OpaqueReparseBuffer showing the Tag and Data properties; Data is passed to the default formatter with no format string or script block. --><View> <Name>OpaqueReparseBuffer</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.OpaqueReparseBuffer</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Tag</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Data</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Tag</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Data</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- GenericReparseBuffer: table view selected by NtApiDotNet.GenericReparseBuffer showing the Tag, Guid and Data properties. --><View> <Name>GenericReparseBuffer</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.GenericReparseBuffer</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Tag</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Guid</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Data</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Tag</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Guid</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Data</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- FileObjectIdBuffer: table view selected by NtApiDotNet.FileObjectIdBuffer showing ObjectId, BirthVolumeId and BirthObjectId. --><View> <Name>FileObjectIdBuffer</Name> <ViewSelectedBy> 
<TypeName>NtApiDotNet.FileObjectIdBuffer</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>ObjectId</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>BirthVolumeId</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>BirthObjectId</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>ObjectId</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>BirthVolumeId</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>BirthObjectId</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- FileQuotaEntry: table view selected by NtApiDotNet.FileQuotaEntry showing User, QuotaUsed, QuotaLimit and QuotaPercent. --><View> <Name>FileQuotaEntry</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.FileQuotaEntry</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>User</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>QuotaUsed</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>QuotaLimit</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>QuotaPercent</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>User</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>QuotaUsed</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>QuotaLimit</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>QuotaPercent</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- UsnJournalRecord: table view selected by NtApiDotNet.IO.UsnJournal.UsnJournalRecord with Usn, FileName and Reason columns. --><View> <Name>UsnJournalRecord</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.IO.UsnJournal.UsnJournalRecord</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Usn</Label> <Alignment>left</Alignment> 
</TableColumnHeader> <TableColumnHeader> <Label>FileName</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Reason</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <!-- Usn is rendered through the X016 format string, i.e. as hexadecimal; presumably zero-padded to 16 digits (confirm against .NET numeric format parsing). --><TableColumnItem> <PropertyName>Usn</PropertyName> <FormatString>X016</FormatString> </TableColumnItem> <TableColumnItem> <PropertyName>FileName</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Reason</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- AppContainerProfile: table view selected by NtApiDotNet.Win32.AppContainerProfile showing the Name and Sid properties. --><View> <Name>AppContainerProfile</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.AppContainerProfile</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Sid</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Sid</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- PsProtection: table view selected by NtApiDotNet.PsProtection showing the Type and Signer properties. --><View> <Name>PsProtection</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.PsProtection</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Type</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Signer</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Type</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Signer</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- ElamInformation: table view selected by NtApiDotNet.Win32.Security.Authenticode.ElamInformation with Algorithm and CertificateHash columns. --><View> <Name>ElamInformation</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Security.Authenticode.ElamInformation</TypeName> 
</ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Algorithm</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>CertificateHash</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Algorithm</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>CertificateHash</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- ImagePolicyMetadata: table view selected by NtApiDotNet.Win32.Security.Authenticode.ImagePolicyMetadata showing the Id and Policies properties. --><View> <Name>ImagePolicyMetadata</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Security.Authenticode.ImagePolicyMetadata</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Id</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Policies</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Id</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Policies</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- ImagePolicyEntry: table view selected by NtApiDotNet.Win32.Security.Authenticode.ImagePolicyEntry showing the PolicyId, Type and Value properties. --><View> <Name>ImagePolicyEntry</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Security.Authenticode.ImagePolicyEntry</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>PolicyId</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Type</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Value</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>PolicyId</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Type</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Value</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> 
</TableRowEntries> </TableControl> </View> <!-- EnclaveConfiguration: table view selected by NtApiDotNet.Win32.Security.Authenticode.EnclaveConfiguration showing Name, EnclaveSize, NumberOfThreads, Debuggable and PrimaryImage. EnclaveSize goes through the X08 format string, i.e. hexadecimal, presumably zero-padded to 8 digits. NOTE(review): Debuggable presumably reflects whether the enclave image permits debugging, which is worth having in the default table when auditing signed images; confirm the property semantics. --><View> <Name>EnclaveConfiguration</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Security.Authenticode.EnclaveConfiguration</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>EnclaveSize</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>NumberOfThreads</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Debuggable</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>PrimaryImage</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>EnclaveSize</PropertyName> <FormatString>X08</FormatString> </TableColumnItem> <TableColumnItem> <PropertyName>NumberOfThreads</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Debuggable</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>PrimaryImage</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- NtHandleObjectGroup: table view selected by NtObjectManager.Cmdlets.Object.NtHandleObjectGroup with Count, ShareCount, Object and Handles columns. --><View> <Name>NtHandleObjectGroup</Name> <ViewSelectedBy> <TypeName>NtObjectManager.Cmdlets.Object.NtHandleObjectGroup</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Count</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>ShareCount</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Object</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Handles</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Count</PropertyName> </TableColumnItem> <TableColumnItem> 
<PropertyName>ShareCount</PropertyName> </TableColumnItem> <!-- Object is rendered through the X016 format string, i.e. as hexadecimal; presumably zero-padded to 16 digits (confirm against .NET numeric format parsing). --><TableColumnItem> <PropertyName>Object</PropertyName> <FormatString>X016</FormatString> </TableColumnItem> <TableColumnItem> <PropertyName>Handles</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- ApiSetEntry: table view selected by NtApiDotNet.ApiSet.ApiSetEntry showing the Name, HostModule and Flags properties. --><View> <Name>ApiSetEntry</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.ApiSet.ApiSetEntry</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>HostModule</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Flags</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>HostModule</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Flags</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- SidName: table view selected by NtApiDotNet.SidName with Domain, Name, Source, NameUse and Sddl columns, each reading the property of the same name. --><View> <Name>SidName</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.SidName</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>Domain</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Name</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Source</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>NameUse</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Sddl</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>Domain</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Name</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Source</PropertyName> </TableColumnItem> 
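<TableColumnItem> <PropertyName>NameUse</PropertyName> </TableColumnItem> <TableColumnItem> <PropertyName>Sddl</PropertyName> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> <!-- Win32DebugString: table view selected by NtApiDotNet.Win32.Debugger.Win32DebugString. ProcessId is read directly; the Output column is a script block that strips trailing whitespace from Output with TrimEnd(). NOTE(review): Output presumably holds text produced by the process being debugged, and nothing in this view filters control or escape characters, so the string reaches the console as written; confirm whether the host or the type sanitises it before relying on this view for untrusted processes. --><View> <Name>Win32DebugString</Name> <ViewSelectedBy> <TypeName>NtApiDotNet.Win32.Debugger.Win32DebugString</TypeName> </ViewSelectedBy> <TableControl> <TableHeaders> <TableColumnHeader> <Label>ProcessId</Label> <Alignment>left</Alignment> </TableColumnHeader> <TableColumnHeader> <Label>Output</Label> <Alignment>left</Alignment> </TableColumnHeader> </TableHeaders> <TableRowEntries> <TableRowEntry> <TableColumnItems> <TableColumnItem> <PropertyName>ProcessId</PropertyName> </TableColumnItem> <TableColumnItem> <ScriptBlock>$_.Output.TrimEnd()</ScriptBlock> </TableColumnItem> </TableColumnItems> </TableRowEntry> </TableRowEntries> </TableControl> </View> </ViewDefinitions> </Configuration>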