Type Name Latest commit message Commit time
Forms Support ContainerAccessRightsType and display the SACL if available. Feb 25, 2019
Ndr
Properties Updated to v1.1.22. Apr 30, 2019
Utilities/Text Added text encoding for raw ALPC messages. Mar 13, 2019
Win32 Added support for calling Win32 CreateFile. May 16, 2019
AccessMask.cs Expanded access mask formatter. Mar 9, 2019
Ace.cs Added property to check if an ACE is an audit type. Mar 19, 2019
Acl.cs Reworked NtSecurity into separate files. Mar 9, 2019
AlpcMessage.cs Added trailing data to AlpcMessageType. Apr 4, 2019
AlpcMessageAttributes.cs Create continue attributes. Apr 4, 2019
AlpcPortSection.cs Cleanup unneeded private setters. Apr 3, 2019
AnnontationAttributes.cs Cleanup unneeded private setters. Apr 3, 2019
BoundaryDescriptor.cs Cleanup of NtDirectory. Feb 25, 2019
BufferUtils.cs Added some extra buffer utilities. Apr 8, 2019
CachedEnumerable.cs Added RPC process. Aug 14, 2018
CreateUserProcess.cs Added thread creation methods. Mar 10, 2019
CreateUserProcessResult.cs Cleanup unneeded private setters. Apr 3, 2019
DebugEvent.cs Added handling of breakpoint and single step exceptions. Mar 9, 2019
DisposableList.cs Reworked attributes a bit. Mar 4, 2019
EaBuffer.cs Cleanup unneeded private setters. Apr 3, 2019
GenericMapping.cs Reworked NtSecurity into separate files. Mar 9, 2019
INtTransaction.cs Split more source code into native components. Mar 9, 2019
MandatoryLabelAce.cs Reworked NtSecurity into separate files. Mar 9, 2019
MappedFile.cs Split more source code into native components. Mar 9, 2019
MemoryInformation.cs Cleanup unneeded private setters. Apr 3, 2019
NtAlpc.cs Updates for security contexts. Mar 9, 2019
NtAlpcNative.cs Renamed RequiresReply to ContinuationRequired. Apr 4, 2019
NtAlpcUtils.cs Added text encoding for raw ALPC messages. Mar 13, 2019
NtApiDotNet.Core.csproj Updated to v1.1.22. Apr 30, 2019
NtApiDotNet.csproj Added function codes for event tracing. May 14, 2019
NtApiDotNet.nuspec Updated to v1.1.22. Apr 30, 2019
NtAsyncResult.cs Fix missing brace. Feb 12, 2019
NtAtom.cs Split out atom code and cleaned up. Mar 9, 2019
NtAtomNative.cs Split out atom code and cleaned up. Mar 9, 2019
NtDebug.cs Added support to get the current thread's debug object. Mar 10, 2019
NtDebugNative.cs Added support to get the current thread's debug object. Mar 10, 2019
NtDesktop.cs Reimplemented NtTypeFactory to be more generic and rely less on refle… Feb 13, 2019
NtDirectory.cs Simplified format. Apr 1, 2019
NtDirectoryNative.cs Cleanup unneeded private setters. Apr 3, 2019
NtEnlistment.cs
NtEnlistmentNative.cs Added enlistment cmdlets. Mar 29, 2019
NtEtwRegistration.cs Added very basic support for ETW event tracing. May 10, 2019
NtEvent.cs Split event code into separate files. Mar 9, 2019
NtEventNative.cs Split event code into separate files. Mar 9, 2019
NtException.cs Initial implementation of RPC ALPC client. Apr 4, 2019
NtFile.cs Added support for EX FSCTL. May 17, 2019
NtFileNative.cs Cleanup unneeded private setters. Apr 3, 2019
NtFileUtils.cs Updated reparse tags. May 17, 2019
NtGeneric.cs Propagate the IsContainer property. Feb 25, 2019
NtHandle.cs Cleanup unneeded private setters. Apr 3, 2019
NtHeap.cs Added basic heap methods. May 22, 2018
NtIoCompletion.cs Split IO completion code. Mar 9, 2019
NtIoCompletionNative.cs Cleanup unneeded private setters. Apr 3, 2019
NtIoControlCode.cs Improved formatting of IO control codes. Feb 16, 2019
NtJob.cs Split more source code into native components. Mar 9, 2019
NtJobNative.cs Split more source code into native components. Mar 9, 2019
NtKey.cs Split registry transaction code. Mar 9, 2019
NtKeyNative.cs Split registry transaction code. Mar 9, 2019
NtKeyUtils.cs Clean up and separate out things. Feb 20, 2019
NtKeyValue.cs Cleanup unneeded private setters. Apr 3, 2019
NtLdr.cs Added some basic LDR methods. Mar 2, 2019
NtLdrNative.cs Added some basic LDR methods. Mar 2, 2019
NtLocale.cs Added non-throwing methods. Feb 23, 2019
NtMappedSection.cs Cleanup unneeded private setters. Apr 3, 2019
NtMutant.cs Formatted client id. Mar 9, 2019
NtMutantNative.cs Split more source code into native components. Mar 9, 2019
NtNamedPipeFile.cs Added SetAttribute to named pipe file. Jan 10, 2019
NtObject.cs Added Copy-NtObject cmdlet. Mar 11, 2019
NtObjectNative.cs Split WNF code. Mar 9, 2019
NtObjectUtils.cs Return an opaque buffer on corrupted reparse point. May 16, 2019
NtObjectWithDuplicate.cs Added Copy-NtObject cmdlet. Mar 11, 2019
NtObjectWithDuplicateAndInfo.cs Added extra methods to improve brute force queries. Feb 13, 2019
NtPartition.cs Split partition code. Mar 9, 2019
NtPartitionNative.cs Split partition code. Mar 9, 2019
NtProcess.cs Expose package full name from process token. Mar 25, 2019
NtProcessMitigations.cs Implemented a raw mitigation policy and created bit flags for the pol… Feb 22, 2019
NtProcessNative.cs Added some new information classes. Apr 21, 2019
NtRegistryTransaction.cs Split registry transaction code. Mar 9, 2019
NtRegistryTransactionNative.cs Split registry transaction code. Mar 9, 2019
NtResourceManager.cs Added enlistment cmdlets. Mar 29, 2019
NtResourceManagerNative.cs Added resource manager cmdlets and Get-NtTransactionGuid. Mar 28, 2019
NtResult.cs Cleanup unneeded private setters. Apr 3, 2019
NtRtl.cs Fix header comments. Nov 1, 2016
NtSection.cs Added relocation address. Mar 7, 2019
NtSectionNative.cs Added non-throwing section extend and image information. Mar 7, 2019
NtSecurity.cs Changed to using the real win32 last error Mar 13, 2019
NtSecurityNative.cs Incorrect value for unprotected sacl. May 15, 2019
NtSemaphore.cs Split semaphore and symbolic code. Mar 9, 2019
NtSemaphoreNative.cs Split semaphore and symbolic code. Mar 9, 2019
NtSession.cs Reimplemented NtTypeFactory to be more generic and rely less on refle… Feb 13, 2019
NtStatus.cs Updated NTSTATUS list. Feb 4, 2019
NtStructures.cs Fix header comments. Nov 1, 2016
NtSymbolicLink.cs Split semaphore and symbolic code. Mar 9, 2019
NtSymbolicLinkNative.cs Split semaphore and symbolic code. Mar 9, 2019
NtSystemInfo.cs Added processor information. Mar 10, 2019
NtSystemInfoNative.cs Cleanup unneeded private setters. Apr 3, 2019
NtThread.cs Added test alert method. Apr 21, 2019
NtThreadNative.cs Added test alert method. Apr 21, 2019
NtToken.cs Call new info class if available. Apr 21, 2019
NtTokenNative.cs Added some new 1903 token information classes. Apr 21, 2019
NtTrace.cs Added function codes for event tracing. May 14, 2019
NtTraceNative.cs Added function codes for event tracing. May 14, 2019
NtTransaction.cs Changed open call as you can't open by path. Mar 29, 2019
NtTransactionManager.cs Added enlistment cmdlets. Mar 29, 2019
NtTransactionManagerNative.cs Split more source code into native components. Mar 9, 2019
NtTransactionManagerUtils.cs Added generate get accessible transaction. Feb 1, 2019
NtTransactionNative.cs Changed open call as you can't open by path. Mar 29, 2019
NtType.cs Cleanup unneeded private setters. Apr 3, 2019
NtTypeFactory.cs Cleanup unneeded private setters. Apr 3, 2019
NtVirtualMemory.cs Split more source code into native components. Mar 9, 2019
NtVirtualMemoryNative.cs Split more source code into native components. Mar 9, 2019
NtWait.cs Added signal and wait. Apr 21, 2019
NtWindowStation.cs Reimplemented NtTypeFactory to be more generic and rely less on refle… Feb 13, 2019
NtWnf.cs Split WNF code. Mar 9, 2019
NtWnfNative.cs Split WNF code. Mar 9, 2019
ObjectAttributes.cs Misc cleanups. Feb 23, 2019
OptionalValues.cs Added OptionalInt64 class. Sep 8, 2018
Readme.txt Updated readme. Apr 5, 2019
ReparseBuffer.cs Updated reparse tags. May 17, 2019
SafeAlpcDataViewBuffer.cs Cleanup unneeded private setters. Apr 3, 2019
SafeAlpcPortSectionHandle.cs Reworked data view and port section implementation. Mar 9, 2019
SafeAlpcSecurityContextHandle.cs Updates for security contexts. Mar 9, 2019
SafeBufferGeneric.cs Added SafeBufferGeneric as a base class for all other safe buffers in… Mar 6, 2019
SafeBuffers.cs Cleanup unneeded private setters. Apr 3, 2019
SafeHGlobalBuffer.cs Added SafeBufferGeneric as a base class for all other safe buffers in… Mar 6, 2019
SafeKernelObjectHandle.cs Rationalized and cleaned up safe handles. Feb 16, 2019
SafeSidBufferHandle.cs Added AppContainerProfile to create AC profiles on the fly. Feb 20, 2019
SafeStructureInOutBuffer.cs Added setting the result back to the safe buffer. Feb 28, 2019
SecurityCapabilities.cs Added some new capabilities. Nov 26, 2018
SecurityDescriptor.cs Added security description information for ETW service triggers. May 10, 2019
SecurityQualityOfService.cs Initial implementation of RPC ALPC client. Apr 4, 2019
Sid.cs Added more general SID -> Name lookup and introduced a local cache fo… Apr 2, 2018
ThreadImpersonationContext.cs Reworked exception handles to remove Win32Exception where possible. Dec 1, 2016
TokenPrivilege.cs Cleanup unneeded private setters. Apr 3, 2019
UnicodeString.cs Added some basic LDR methods. Mar 2, 2019
UserGroup.cs Cleanup unneeded private setters. Apr 3, 2019

Readme.txt

NtApiDotNet - Managed .NET library for accessing NT API

(c) Google Inc. 2015, 2016, 2017, 2018, 2019
Developed by James Forshaw

This library is written entirely in C# to allow managed applications easy access to
various native NT API routines. It's used as the core of the sandbox analysis tools
as well as a PowerShell module. The purpose of this library is to make it easier to
call into the NT API, handling things like variable length structures and lifetime
management.

The majority of the exposed classes and methods have XML documentation, which can 
be used for IntelliSense or converted into real documentation. Most of the low-level
APIs are not documented, however; see the code for usage examples.

In addition to my own reverse engineering efforts and MSDN documentation the following
people or resources have proven invaluable in determining API functionality.

Process Hacker Sources: http://processhacker.sourceforge.net/
Windows NT/2000 Native API Reference: Gary Nebbett (ISBN 9781578701995)
Alex Ionescu
ALPC RPC client code inspired by work by Clement Rouault (@hakril) and Thomas Imbert
(@masthoon) at PacSec (https://pacsec.jp/psj17/PSJ2017_Rouault_Imbert_alpc_rpc_pacsec.pdf)
And others I've no doubt forgotten.

NOTE: It's still a work in progress and it's not designed to act as a documentation
source for the entire NT API. There will be bits missing. Patches are welcome to 
add missing functions or fix bugs; see the CONTRIBUTING file in the root of the solution.

Building for PowerShell Core 6.0/.NET Core 2.0
-----------------------------------------

In order to build for PowerShell Core 6.0 use the command line:

dotnet build NtApiDotNet\NtApiDotNet.Core.csproj -c Release

Building for .NET Core does not currently work in Visual Studio 2017.