1212# See the License for the specific language governing permissions and
1313# limitations under the License.
1414
15+ Set-StrictMode - Version Latest
16+
1517if (($PSVersionTable.Keys -contains " PSEdition" ) -and ($PSVersionTable.PSEdition -ne ' Desktop' )) {
1618 Import-Module " $PSScriptRoot \Core\NtObjectManager.dll"
1719}
@@ -1173,7 +1175,6 @@ function New-ExecutionAlias
11731175 )
11741176
11751177 $rp = [NtApiDotNet.ExecutionAliasReparseBuffer ]::new($Version , $PackageName , $EntryPoint , $Target , $Flags )
1176-
11771178 Use-NtObject ($file = New-NtFile - Path $Path - Win32Path - Options OpenReparsePoint, SynchronousIoNonAlert `
11781179 - Access GenericWrite, Synchronize - Disposition OpenIf) {
11791180 $file.SetReparsePoint ($rp )
@@ -1246,7 +1247,7 @@ Display up to 5 primary tokens from accessible processes named notepad.exe.
12461247function Show-NtToken {
12471248 [CmdletBinding (DefaultParameterSetName = " FromPid" )]
12481249 param (
1249- [Parameter (Mandatory = $true , Position = 0 , ParameterSetName = " FromToken" , ValueFromPipeline = $true )]
1250+ [Parameter (Mandatory = $true , Position = 0 , ParameterSetName = " FromToken" , ValueFromPipeline = $true )]
12501251 [NtApiDotNet.NtToken []]$Token ,
12511252 [Parameter (Mandatory = $true , Position = 0 , ParameterSetName = " FromProcess" , ValueFromPipeline = $true )]
12521253 [NtApiDotNet.NtProcess []]$Process ,
@@ -1259,40 +1260,40 @@ function Show-NtToken {
12591260 )
12601261
12611262 PROCESS {
1262- if (-not $ (Test-Path " $PSScriptRoot \TokenViewer.exe" - PathType Leaf)) {
1263- Write-Error " Missing token viewer application $PSScriptRoot \TokenViewer.exe"
1264- return
1265- }
1266- switch ($PSCmdlet.ParameterSetName ) {
1267- " FromProcess" {
1268- foreach ($p in $Process ) {
1269- Use-NtObject ($t = Get-NtToken - Primary - Process $p ) {
1270- $text = " $ ( $p.Name ) :$ ( $p.ProcessId ) "
1271- Start-NtTokenViewer $t - Text $text
1272- }
1273- }
1274- }
1275- " FromName" {
1276- Use-NtObject ($ps = Get-NtProcess - Name $Name - Access QueryLimitedInformation) {
1277- if ($MaxTokens -gt 0 ) {
1278- $ps = $ps | Select-Object - First $MaxTokens
1279- }
1280- $ps | Show-NtToken
1281- }
1282- }
1283- " FromPid" {
1284- $cmdline = [string ]::Format(" TokenViewer --pid={0}" , $ProcessId )
1285- $config = New-Win32ProcessConfig $cmdline - ApplicationName " $PSScriptRoot \TokenViewer.exe" - InheritHandles
1286- Use-NtObject ($p = New-Win32Process - Config $config ) {
1287- }
1288- }
1289- " FromToken" {
1290- foreach ($token in $Tokens ) {
1291- Start-NtTokenViewer $token
1292- }
1293- }
1294- }
1295- }
1263+ if (-not $ (Test-Path " $PSScriptRoot \TokenViewer.exe" - PathType Leaf)) {
1264+ Write-Error " Missing token viewer application $PSScriptRoot \TokenViewer.exe"
1265+ return
1266+ }
1267+ switch ($PSCmdlet.ParameterSetName ) {
1268+ " FromProcess" {
1269+ foreach ($p in $Process ) {
1270+ Use-NtObject ($t = Get-NtToken - Primary - Process $p ) {
1271+ $text = " $ ( $p.Name ) :$ ( $p.ProcessId ) "
1272+ Start-NtTokenViewer $t - Text $text
1273+ }
1274+ }
1275+ }
1276+ " FromName" {
1277+ Use-NtObject ($ps = Get-NtProcess - Name $Name - Access QueryLimitedInformation) {
1278+ if ($MaxTokens -gt 0 ) {
1279+ $ps = $ps | Select-Object - First $MaxTokens
1280+ }
1281+ $ps | Show-NtToken
1282+ }
1283+ }
1284+ " FromPid" {
1285+ $cmdline = [string ]::Format(" TokenViewer --pid={0}" , $ProcessId )
1286+ $config = New-Win32ProcessConfig $cmdline - ApplicationName " $PSScriptRoot \TokenViewer.exe" - InheritHandles
1287+ Use-NtObject ($p = New-Win32Process - Config $config ) {
1288+ }
1289+ }
1290+ " FromToken" {
1291+ foreach ($t in $Token ) {
1292+ Start-NtTokenViewer $t
1293+ }
1294+ }
1295+ }
1296+ }
12961297}
12971298
12981299<#
@@ -1322,7 +1323,8 @@ function Show-NtSection {
13221323 Param (
13231324 [Parameter (Position = 0 , Mandatory = $true )]
13241325 [NtApiDotNet.NtSection ]$Section ,
1325- [switch ]$ReadOnly
1326+ [switch ]$ReadOnly ,
1327+ [switch ]$Wait
13261328 )
13271329
13281330 if (! $Section.IsAccessGranted (" MapRead" )) {
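Review bot: In Show-NtToken's `FromPid` branch the viewer is still launched with `-InheritHandles`, although the only thing that branch passes to TokenViewer is a PID on the command line. With inheritance enabled, every inheritable handle open in the calling PowerShell session is duplicated into the child process, and in a session that works with token and process objects that can be more access than the viewer needs. Unless TokenViewer depends on an inherited handle in this mode (not visible here), the line could read `$config = New-Win32ProcessConfig $cmdline -ApplicationName "$PSScriptRoot\TokenViewer.exe"`. This commit only re-indents these lines, and the function's param block lies partly outside the hunks shown.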